Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

McAfee Labs reports a surge in ransomware of 165 percent

Zafirah Salim | June 17, 2015
New ransomware surges 165 percent in Q1 2015 largely due to proliferation of the CTB-Locker family and its “affiliate” program, a new ransomware family called Teslacrypt, and new versions of CryptoWall, TorrentLocker and BandarChor.

In the first quarter of 2015, McAfee Labs registered a 165 percent increase in new ransomware driven largely by the new CTB-Locker ransomware family - a new ransomware called Teslacrypt, and the emergence of new versions of CryptoWall, TorrentLocker and BandarChor.

This is according to the recently released McAfee Labs Threats Report: May 2015, which includes revelations on the rapid proliferation of new ransomware, HDD and SSD firmware attacks by the Equation Group computer espionage group, and a major increase in malware targeting Adobe Flash multimedia software. 

McAfee Labs attributes CTB-Locker's success to clever techniques for evading security software, higher-quality phishing emails, and an "affiliate" program that offers accomplices a percentage of ransom payments in return for flooding cyberspace with CTB-Locker phishing messages. As such, it suggests that organisations and individuals should make it a priority to learn how to recognise phishing emails.

The first quarter also saw new Adobe Flash malware samples increase by 317 percent. Researchers attribute this rise to several factors: the popularity of Adobe Flash as a technology; user delay in applying available Adobe Flash patches; new methods to exploit product vulnerabilities; a steep increase in the number of mobile devices that can play Adobe Flash files; and the difficulty of detecting some Adobe Flash exploits.

Researchers are also seeing a continued shift in focus among exploit kit developers, from Java archive and Microsoft Silverlight vulnerabilities to Adobe Flash vulnerabilities. In fact, 42 new Adobe Flash vulnerabilities were submitted to the National Vulnerability Database in Q1. On the same day those vulnerabilities were posted, Adobe made initial fixes available for all 42 vulnerabilities.

"With the popularity of a product like Flash, there comes a tremendous responsibility to proactively identify and mitigate security issues potentially threatening millions of users," said Vincent Weafer, senior vice president, McAfee Labs. "This research nicely illustrates how the tech industry works together constructively to gain  an advantage in the realm of cybersecurity  - industry partners sharing threat intelligence, and technology providers acting on information quickly to help prevent  potential issues."

To fully leverage vendor efforts to address vulnerabilities, McAfee Labs urges organisations and individual users to be more diligent in keeping their products updated with the latest security patches.

In February 2015, the cybersecurity community became aware of efforts by a secretive outfit called Equation Group to exploit HDD and SSD firmware. McAfee Labs assessed the reprogramming modules exposed in February and found that they could be used to reprogram the firmware in SSDs in addition to the previously-reported HDD reprogramming capability.

Once reprogrammed, the HDD and SSD firmware can reload associated malware each time infected systems boot and the malware persists even if the drives are reformatted or the operating system is reinstalled. When infected, security software cannot detect the associated malware stored in a hidden area of the drive.


1  2  Next Page 

Sign up for CIO Asia eNewsletters.