According to a report published by PhishMe, that’s the percentage of all emails that contain ransomware. Now 93% may sound a bit farfetched, and it’s easy to write this off as a scare tactic, and just continue opening emails with disregard and abandon. Or should we be paying closer attention to what we receive in our inbox?
On the same report, PhishMe also stated that approximately 6.3 million phishing emails were sent in the first quarter of 2016. That’s a 789% year-over-year increase since 2015. They (PhishMe) believe that this astronomical rise in phishing and ransomware attacks are the result of a perfect-storm scenario, in which several factors culminated to see the rise of attacks in 2016.
The first is the most obvious and has already been touched upon, encrypted ransomware attacks. These attacks are nothing new to the IT security community, but its rise over the years has been exponential. The trends do not look good as there are no signs that encrypted ransomware attacks are going away anytime soon. Most likely this is due to the success of the attacks and the low risk it brings to the cybercriminals.
The second factor is also no secret. When you take a step back and take a look at the amount of downloaders (both legal and illegal) you see a whole lot of people that are just inviting trouble into their lives. Ransomware has been found embedded in everything from videos, music, ebooks, pirated software and the like. Unless the mentality of downloaders change to adopt stricter security protocols, ransomware attackers will never find a shortage in potential victims. This is especially true since million of new downloaders come online for the first time with every passing year.
The third and final piece to this nightmarish puzzle is known as “soft targeting by functional area”. Once upon a time, cybercriminals would spam an entire company with a phishing email in hopes that some wayward soul would open the email, download the attachment an infect their system. However, that delivery model was easy to detect and thus their attack would be filtered out. In this day and age, attackers have stepped up their wit and cunning to engage their target. Attackers now meticulously craft emails to look like official documents, use various tricks to make it seem like the email is coming from a known or internal source and would even go so far as to impersonate someone of authority within the company, all in an attempt to con the victim-employee to download the documents or files which have been loaded with all sorts of malware including ransomware Trojans.