New Ransomware Attacks Could Surface This Year

Ransomware remains a significant cyber-threat in 2015, with a number of new threat forms developed to replace CryptoLocker, the first ransomware to exploit Bitcoin, according to the “2014 Annual Security Threat Report,” released by security solutions provider Cloudmark.

Ransomware locks computers, and the hackers demand payment from individuals or companies that have lost access to their information. While payment may be required in the form of Bitcoin, a type of encrypted digital currency, the cyber-crime groups now experimenting with ransomware are looking at ways to maximize their profits. This includes different methods of payment or various payment amounts, according to Andrew Conway, a research analyst with Cloudmark.

Two of the more well-known ransomware types are now Crypto Wall and Torrent Locker, which are being distributed through channels such as email spam, malvertising and watering hole attacks, according to the report. The CryptoLocker attack, which was stopped in May 2014 by law enforcement and security researchers, had has lasting ramifications, however.

“One researcher likens it to turning on the kitchen light and having the cockroaches scatter,” Conway said. “Now, instead of one ransomware package, there are three or four of them out there.”

The most obvious choice for individuals and companies that have not backed up their data is to pay the ransom, he said. This is often the only way to regain access to their information. Conway mentioned that a law enforcement agency in the United States had to pay a ransom as a result of a ransomware attack.

“Occasionally, there will be a bug on ransomware that will enable people to get their data back,” he added. “But, if you don’t have another copy of that data, pay the ransom if you need [the data].”

Steady Stream of Spam

Cloudmark’s report also shows steady use of spam messaging sent to mobile phone users in 2014, particularly those using Apple’s iMessage service. In May and June of last year, more than 40 percent of short message service (SMS) spam campaigns were reported by iPhone users, with most of those focused on the sales of counterfeit bags and sunglasses.

“We believe these iMessage spammers are based in China, where the fake designer goods are produced and shipped from,” Conway said. “They are doing this by phishing and taking over the account and using it to send spamware.”

In other words, a person’s contact list is likely to be stolen and taken over by the spammer. “Their friends will be the persons getting the spam,” he said.

While iMessage spam increased fourfold in the final months of 2014, it still only accounted for 5 to 7 percent of the total U.S. SMS spam sent during that time. The top SMS threat remained bank and financial account phishing. And, instead of just asking users to reply to frozen account messages with a phone call, some attackers created simulated bank account recovery pages that mimicked a financial institution’s brand and look.

“The bank phishing just goes on and on,” Conway said. “It seems there are a number of operators doing it. [With] some forms of spam, you can see that there is only one person behind it, but there are others where you can see there are a number of different approaches being used, making it much harder to go after.”

Prize spam accounted for the second most common type of SMS phishing in 2014, according to Cloudmark. In fact, during the second quarter of 2014, “free cruise” spams made up more than 70 percent of all fake-prize ploys, the company’s report shows.

But what may be truly interesting to watch in 2015 is whether attacks on mobile payment systems develop and expand, according to Conway. “I think as we move more toward mobile payment systems, we’re going to see more attempts to compromise these,” he predicted.