Over 97 Percent of All Phishing Emails Deliver Ransomware

According to PhishMe Inc.’s 2016 Q3 Malware Review, the proportion of phishing emails that deliver some form of ransomware reached 97.25 percent in the third quarter of 2016.

Locky ransomware executables were the most commonly-identified file type in the third quarter, PhishMe found. “Locky will be remembered alongside 2013’s CryptoLocker as a top-tier ransomware tool that fundamentally alterered the way security professionals view the threat landscape,” PhishMe CTO and co-founder Aaron Higbee said in a statement. “Not only does Locky distribution dwarf all other malware from 2016, it towers above all other ransomware varieties.”

And while just 2.75 percent of phishing emails delivered non-ransomware malware, the diversity of malware samples in those emails far exceeded that of the ransomware campaigns.

“The rapid awareness and attention on ransomware has forced threat actors to pivot and iterate their tactics on both payload and delivery tactics,” PhishMe CEO and co-founder Rohyt Belani said in a statement. “This sustained tenacity shows that awareness of phishing and threats is not enough. Our research shows that without a phishing defense strategy, organizations are susceptible to not just the voluminous phishing emails used to deliver ransomware, but also the smaller and less-visible sets of emails used to deliver the same malware that has been deployed for years.”

At the same time, a recent SentinelOne survey [PDF] of 500 cyber security decision makers at organizations with more than 1,000 employees found that 48 percent of respondents have fallen victim to a ransomware attack in the last 12 months.

Eighty-one percent of respondents that suffered ransomware attacks said the attackers had gained access through phishing emails or social media.

The types of data most often affected by the attacks were employee information (42 percent), financial data (41 percent), and customer information (40 percent).

In response to ransomware attacks, 67 percent of respondents have increased IT security spending, and 52 percent said they’re changing their security strategies to focus on mitigation. Fifty-four percent said their organizations have lost faith in traditional cyber security solutions like anti-virus.

“Ransomware has become one of the most successful forms of cybercrime in 2016, and is on the top of every security professional’s list of most prolific threats,” SentinelOne chief of security strategy Jeremiah Grossman said in a statement.

“It’s not surprising to see high levels of apathy towards traditional anti-virus software, and we don’t expect the ransomware epidemic to slow down anytime soon,” Grossman added. “The situation is likely to get far worse, as some of the ill-gotten gains will be invested into research and development designed to improve encryption strength and utilize new delivery methods, as witnessed with Locky.”

Separately, a?KnowBe4 analysis of more than 10,000 email servers found that 82 percent of them were misconfigured, allowing spoofed emails to enter the organization appearing to come from the company’s own domain.

“A typical scenario is a spoofed email that looks like it comes from the IT administrator or ‘IT’ asking an employee to update their email account credentials,” KnowBe4 CEO Stu Sjouwerman said in a statement. “The uneducated employee fills out their username and password credentials thinking they are complying to a request, missing the tellate signs of a phishing attack with a spoofed email address. This can lead to any number of nefarious scenarios, including a ransomware attack where all computers on the company network are hijacked.”

A recent eSecurity Planet article offered advice on stopping ransomware.

Jeff Goldman
Jeff Goldman
Jeff Goldman is an eSecurity Planet contributor.

Top Products

Top Cybersecurity Companies

Cybersecurity is the hottest area of IT spending. That's why so many vendors have entered this lucrative $100 billion+ market. But who are the...

Top CASB Security Vendors for 2021

Any cloud-based infrastructure needs a robust cloud access security broker (CASB) solution to ensure data and application security and integrity. After carefully surveying the...

Top Endpoint Detection & Response (EDR) Solutions for 2021

Endpoint security is a cornerstone of IT security, so our team put considerable research and analysis into this list of top endpoint detection and...

Top Next-Generation Firewall (NGFW) Vendors

Cybersecurity is getting more complicated, and so are security products. NGFWs are no exception, and IoT devices and the work-from-home craze that began in...

Related articles