ThreatList: Ransomware Trojans Picking Up Steam in 2019

Attackers continue to push the boundaries with modular trojans and ransomware attacks, a new report found.

With the number of unique cyberincidents continuing to grow, ransomware-based attacks in particular are on the rise in 2019, researchers said.

Ransomware trojan-based infections jumped from 9 percent in the fourth quarter of 2018 to 24 percent in the first quarter of 2019, said Positive Technologies researchers in their Cybersecurity Threatscape report for the first quarter of 2019.

“[A]ttackers are now earning less money from ‘traditional’ ransomware,” said researchers in the report. “This is probably due to the educational efforts of cybersecurity experts urging users not to pay a ransom for file recovery. Be that as it might, attackers keep inventing new ways to manipulate users.”

The report outlined popular trends in the malware space – such as growing popularity of multimodular trojans and ransomware, and decreasing popularity of malicious cryptomining. Overall, cyberincidents grew by 11 percent from the first quarter of 2018 according to the report.

When it comes to ransomware, “the share of ransomware Trojans will remain high so long as there are people willing to pay a ransom,” researchers said.

In particular, ransomware attackers are looking in 2019 to reinvent the game with new tricks and tactics. CryptoMix hackers, for example, tricked victims by promising to donate ransom payments to a children’s charity.

And, “a new version of ransomware offers PayPal as a payment option,” researchers said. “If users choose to pay using PayPal, they are taken to a fake PayPal page. All credentials and payment information entered on the fake page are then stolen by attackers, who can withdraw money from victims’ accounts or sell this data on the Dark Web.”

[Note: Threatpost will further discuss ransomware trends during our free Threatpost webinar, June 19 at 2 p.m. ET. Join Threatpost and a panel of experts as they discuss how to manage the risk associated with this unique attack type, with exclusive insights into new developments on the ransomware front and how to stay ahead of the attackers.]

In addition to these new ploys, ransomware threat actors are also looking for larger targets with deeper pockets – and more personal data that they could lose. That includes institutions (such as Jackson County, Georgia, which paid $400,000 to restore IT infrastructure) and healthcare firms (including Columbia Surgical Specialists, which paid $15,000 for file recovery).

Malware combining multiple types of Trojans – such as the DanaBot trojan, which functions as banking malware and also a password information stealer – is becoming more and more widespread, researchers said.

“Due to its flexible modular architecture, this malware can perform many different functions,” researchers said. “For example, it can display advertising and steal user data at the same time.”

Multifunctional trojans have become a new favorite for malicious cryptominers, who are finding mining to be less profitable. The share of hidden mining, or malicious cryptomining attacks, has decreased to 7 percent of overall attacks, compared with 9 percent in the fourth quarter of 2018.

Because malicious actors can’t profit from cryptomining alone, they are turning to multipurpose trojans, such as a new trojan dubbed CookieMiner that not only installs a hidden miner on a victim’s computer, but also steals credentials and payment card information.

“Hackers have started to upgrade miners, turning them into multifunctional Trojans,” said researchers. “Once inside a system with low computational power on which mining is uneconomical, such Trojans start acting as spyware and steal data.”

Researchers said that in the future, attackers will continue to rely on old-school tactics like malware and social engineering – but with new tricks up their sleeves.

“We predict growth in the number of attacks in Q2 2019,” said researchers with Positive Technologies. “Malware and social engineering will remain the favored tools of attackers.”

Meanwhile, to stay safe, companies can create systems for centralized administration of updates and patches, deploy antivirus software, use automated software audit tools and utilize web application firewalls.
