Since the last three months, Locky ransomware has topped the charts of all malware families, according to the quarterly report from security vendor Proofpoint.
Locky is in dominant position and it is no surprise to anyone following infosec sector. This ransomware family was distributed and created by one of the largest cyber-crime syndicates in the world, the very same people behind the famous Dridex banking trojan, which is one of the most commonly encountered malware threats.
Just to understand what happened in second quarter, you need the bigger picture of this entire year. 2016 started huge, with Locky appearing on the scene for the first time and slowly gaining more traction with rapidly growing numbers.This ransomware was spread not just by spam messages but also using exploit kits. Also spam was Locky’s main method of distribution, either by malicious Office files containing macro scripts or by ZIP files that contain malicious JavaScript files.
The spam distribution was at record numbers for almost all year, from January to May, Proofpoint detected some periods hundreds of millions of spam messages in a day.
Spam numbers came down in June, when one of the Dridex main botnets, Necurs that is responsible for distributing Locky ransomware, shut down for about three weeks.
Just in the same time, Angler exploit kit was also closed down, and a month earlier in May, so did Nuclear exploit kit.
Necurs eventually came back online by the end of June, but these three blows made Q2 a better quarter in terms of malware distribution compared to Q1.
Nevertheless, when it was active, the botnet helped Locky win the top spot as Q2’s most active malware threat. According to the company’s data, Locky dominated spam distribution in Q2, replacing the Dridex trojan as the most popular spam malware, while the CryptXXX ransomware remained the favorite malware spread via exploit kits.
एक टिप्पणी भेजें