During Q1 2019, Cryptolocker malware spiked to account for 24% of all malware used, up from only 9% in Q4 2018, according to a new report from Positive Technologies.
“This malware is often used in combination with phishing, with hackers constantly inventing new ways of deceiving users and making them pay a ransom. Healthcare has proved to be a favorite target of cryptolockers. Medical institutions are more likely to pay a ransom compared to other businesses, perhaps because of patients' lives and health being at stake,” the report stated.
“Phishing remains an effective way of delivering malware. But email is far from the only channel of malware distribution. For example, users frequently download files from torrent trackers, on which the risk of malware infection grows exponentially. Under the guise of a movie, attackers distributed malware used for spoofing addresses of bitcoin and Ethereum wallets when the information is copied from the clipboard. Users also often download programs from official app stores.”
Also up during Q1 was the number of unique threats, which exceeded the figure from Q1 of last year by 11%. The report noted an increasing number of infections involving multifunctional Trojans, with attackers most often hitting government agencies (16%), medical institutions (10%) and industrial companies (10%).
“Malware combining multiple types of Trojans is becoming more and more widespread. Due to its flexible modular architecture, this malware can perform many different functions. For example, it can display advertising and steal user data at the same time,” the report said.
While Cryptolocker malware has risen, the share of hidden mining has decreased to 7%, down from the 9% reported in Q4 2018.
“Hackers have started to upgrade miners, turning them into multifunctional Trojans. Once inside a system with low computational power on which mining is uneconomical, such Trojans start acting as spyware and steal data,” the report said. According to the research, cyber-criminals are using self-developed spyware or hacking government websites to steal data from governments.