2018 Report: Ransomware’s Back And Cryptojacking Is Skyrocketing

Proofpoint published its Threat Report for the second quarter of 2018 with a very grim result. The report has been made as a product of analysis from the 5 billion email messages and 250,000 virus specimens that the company has observed for the 2nd quarter.

Social Engineering is powering the spread of banking trojans, malicious browser plugins and cryptojacking malware for the first half of the year. Fake support calls claiming to be from Microsoft and other IT giant grew by 38%, while there is 30% growth of social media phishing links for the same period.

Based on the same report, RATs (Remote Access Trojan) incidents surged, in sharp contrast with Banking Trojan that had fewer incidents due to the resurgence of ransomware cases.

“Ransomware was largely absent from malicious email campaigns in Q1, particularly compared to the previous 18 months. During that time it dominated the threat landscape. The reason for its decline has been the subject of significant speculation. It remains to be seen how ransomware campaigns will evolve in the coming months. Threat actors continue to diversify beyond the ransomware that had previously proved so lucrative. A year ago, the rapid introduction of new ransomware strains peaked, with almost two new strains appearing each day. Since then, the rate at which new variants were introduced by malware authors and attackers has steadily declined. Even as ransomware began appearing more frequently again in malicious email campaigns, we continued to see consolidation around major strains,” said in the report.

RAT, Banking Trojan and Ransomware co-exist with the strong growth of scam emails of the second quarter, which stands above 87%. Scammers are improving with writing clickbait emails and website links, the record shows that around 14.2% of malicious link-bearing spam emails were clicked.

The black market for exploit kits also has a stable outlook. Exploit kits are easy to use packages that are available in the black market, especially from the which enable a website administrator to install malicious functionality in their websites like data mining, botnet hosting, malware hosting and cryptojacking.

Proofpoint has also advised the public to be more alert with crypto jacking infection incidents, as it is very damaging for the end-user. Cryptojacking overwork the devices, just to mine cryptocurrency for the virus authors. “Throughout Q2 2018, we have also observed the steady growth of events on our IDS sensor network relating to Coinhive. And, beginning in late May, we saw a rapid increase in Coinhive traffic. This resulted in a 460% jump quarter over quarter. Coinhive was originally developed to allow website operators to monetize their sites. It did this by co-opting visitor CPUs to mine Monero cryptocurrency. Some sites have already implemented the JavaScript code, following the best practice of informing users of the activity. In some cases, they have done away with advertisements for a revenue stream. In many other cases, though, attackers have modified the code and inserted it on websites without informing users in a practice known as cryptojacking,” concluded the report.