Ransomware attacks see dramatic increase: McAfee

The latest McAfee Labs Threat Report from Intel Security warns of a rapid proliferation of new ransomware attacks, as well as HDD and SSD firmware attacks by a major computer espionage group and more malware targeting Adobe Flash.

According to the report, in the first quarter of 2015 ransomware increased by 165 per cent, largely driven by the new ransomware families CTB-Locker and Teslacrypt, and new versions of CryptoWall, TorrentLocker, and BandarChor. CTB-Locker has had success due to new techniques for evading security software, better phishing emails, and an “affiliate” program that gives those who spread CTB-Locker phishing messages a percentage of the take.

Another area which saw greater activity in Q1 was malware related to Adobe Flash, with samples increasing by 317 per cent. McAfee researchers attribute the increase to the popularity of Flash, user delay in applying available patches, greater mobile device compatibility with Flash files, and new methods to exploit product vulnerabilities.

“With the popularity of a product like Flash, there comes a tremendous responsibility to proactively identify and mitigate security issues potentially threatening millions of users,” said Vincent Weafer, senior vice-president of McAfee Labs, in a statement. “This research nicely illustrates how the tech industry works together constructively to gain an advantage in the realm of cybersecurity – industry partners sharing threat intelligence, and technology providers acting on information quickly to help prevent potential issues.”

A new group of cybercriminals called the Equation Group has also emerged. According to McAfee, the group seeks to exploit HDD and SSD firmware by reprogramming modules so the firmware can reload malware each time it boots, even if the drive has been reformatted or the OS reinstalled, as security software can’t detect the malware in a hidden area of the drive.


“We at Intel take hybrid software-hardware threats and exploits seriously,” said Weafer. “We have closely monitored both academic proofs of concept and in-the-wild cases of malware with firmware or BIOS manipulation capabilities, and these Equation Group firmware attacks rank as some of the most sophisticated threats of their kind. While such malware has historically been deployed for highly-targeted attacks, enterprises should prepare themselves for the seemingly inevitable ‘off-the-shelf’ incarnations of such threats in the future.”

The quarter also saw a slight decline in new PC malware, and a 49 per cent spike in mobile malware. SSL-related attacks continued, albeit at a slower pace, and spam botnets pushing pharmaceuticals, stolen credit cards, and “shady” social-media marketing tools became the top spam networks.


Jeff Jedras
Jeff Jedras is a technology journalist with IT World Canada and a member of the IT Business team. He began his career in technology journalism in the late 1990s, covering the Ottawa technology sector for Silicon Valley North and the Ottawa Business Journal. He later covered the technology scene in Vancouver before joining IT World Canada in Toronto in 2005, covering enterprise IT for ComputerWorld Canada and the channel for Computer Dealer News. His writing has also appeared in the Vancouver Sun & the Ottawa Citizen.
