An Estimated 93% of Phishing Emails Contain Ransomware Encryption

In a report released last month, PhishMe, an American information security company, stated that approximately 93% of all phishing emails had encryption ransomware in them.

The report, which had data as recent as March 2016, stated that the occurrence of ransomware in phishing emails increased by 37 percentage points – rising a little under 10% every other month of 2015.

PhishMe also discovered that the number of phishing emails rose by an estimated 789% – up to 6.3 million instances – in the 3 months of 2015. Their research also showed that ransomware was in more than half of all instances in March, an increase from February’s 29% and January’s 15% totals for the year.

Industry experts believe that the exponential growth of ransomware cases are caused by how simple the malware variant is to spread, and how the monetary benefits are much faster and easier to attain. Compared to stolen credit card information or stolen identities, making money from ransomware takes less time, effort, and commitment.

Ransomware forces victims to act faster – paying right away to regain their “freedom.” Instead of hackers scouring corporate computer systems for unsecured data and going through the whole hacking process, ransomware attackers can relax once they have control over the system.

Small to medium businesses are willing to pay a ransom of up to $1,000 instead of trying to solve it themselves.

PhishMe’s threat intelligence manager Brendan Griffin, had this to add, “If you look at the price point of paying the ransom, it is rarely more than 1 or 2 Bitcoin, that’s $400 to $800, maybe $1,000 depending on the exchange rate. That’s a relatively low price point for a small to medium business.”

The amounts asked by hackers are usually inexpensive enough for the affected institution or business to come up with the amount rather than trying to find a solution themselves. Griffin also said that the ease of ransomware tools to use is drawing more cybercriminals to the fray.

TeslaCrypt and Locky are common ransomware types that have grown significantly the past months; however, some variants, like Cryptowall did not, according to PhishMe’s study. Cryptowall was identified in 9 out of 10 samples in October and November of 2015; Locky made up 75% of these samples in March.

PhishMe also spoke of “soft-targeting”, a method where a phishing email is addressed to a specific individual in the company, or a more general email sent to a whole department. It could have the name of a company executive, posing as an important message or job application email.

“This has been a creeping trend for a while now,” according to Griffin.

“For example, our vice president of finance received a message that said it was an important message for the vice president of finance, and had his name in the first line.”

Billing, invoice, or shipping-related messages are also used as fronts for these soft-targeted emails. Griffin adds that soft-targeted emails help the chances of phishing messages to be opened by unsuspecting victims.

Comprehensive multi-device protection for you and your family for up to 6 PCs, Macs, Android, and iOS devices. For more info click here.

Share on social media: