For the last three months, Locky ransomware has topped the charts of all malware families, according to the quarterly report from security vendor Proofpoint.
Locky's dominant position is no surprise to anyone following the infosec sector. This ransomware family was created and distributed by one of the largest cyber-crime syndicates in the world, the very same people behind the famous Dridex banking trojan, which is one of the most commonly encountered malware threats.
To understand what happened in the second quarter, you need the bigger picture of this entire year. 2016 started huge, with Locky appearing on the scene for the first time and slowly gaining more traction with rapidly growing numbers.
This ransomware was spread not just by spam messages but also by exploit kits. Still, spam was Locky’s main method of distribution, either through malicious Office files containing macro scripts or through ZIP files containing malicious JavaScript files.
Spam distribution was at record numbers for almost all year; from January to May, Proofpoint detected, in some periods, hundreds of millions of spam messages in a day.
Spam numbers came down in June, when Necurs, one of the main Dridex botnets and the one responsible for distributing Locky ransomware, shut down for about three weeks.
At the same time, the Angler exploit kit also closed down, and a month earlier, in May, so did the Nuclear exploit kit.
Necurs eventually came back online by the end of June, but these three blows made Q2 a better quarter in terms of malware distribution compared to Q1.
Nevertheless, when it was active, the botnet helped Locky win the top spot as Q2’s most active malware threat. According to the company’s data, Locky dominated spam distribution in Q2, replacing the Dridex trojan as the most popular spam malware, while the CryptXXX ransomware remained the favorite malware spread via exploit kits.