Ransomware Trojans picking up in 2019: Report

Attackers continue to push the boundaries with modular trojans and ransomware attacks, a new report found. With the number of sophisticated cyberincidents continuing to grow, ransomware-based attacks in particular are on the rise in 2019, researchers said. Ransomware trojan-based infections jutted up from 9 percent in the fourth quarter of 2018 to 24 percent in the first quarter of 2019, said Positive Technologies researchers in their Cybersecurity Threatscape report for the first quarter of 2019.

Attackers are now earning less money from ‘traditional’ ransomware,” said researchers in the report. “This is probably due to the educational efforts of cybersecurity experts urging users not to pay a ransom for file recovery. Be that as it might, attackers keep inventing new ways to manipulate users.”

The report outlined popular trends in the malware space – such as growing popularity of multimodular trojans and ransomware, and decreasing popularity of malicious cryptomining. Overall, cyberincidents grew by 11 percent from the first quarter of 2018 according to the report.

When it comes to ransomware, “the share of ransomware Trojans will remain high so long as there are people willing to pay a ransom,” researchers said.

In particular, ransomware attackers are looking in 2019 to reinvent the game with new tricks and tactics.

And, “a new version of ransomware offers PayPal as a payment option,” researchers said. “If users choose to pay using PayPal, they are taken to a fake PayPal page. All credentials and payment information entered on the fake page are then stolen by attackers, who can withdraw money from victims’ accounts or sell this data on the Dark Web.

Malware combining multiple types of Trojans – such as the DanaBot trojan, which functions as banking malware and also a password information stealer – is becoming more and more widespread, researchers said.

“Due to its flexible modular architecture, this malware can perform many different functions,” researchers said. “For example, it can display advertising and steal user data at the same time.”

Multifunctional trojans have become a new favorite for malicious  cryptominers who are finding mining to be less profitable. The share of hidden mining, or malicious cryptomining attacks, has decreased, with attacks reaching 7 percent share of overall attacks compared with 9 percent in the fourth quarter of 2018.

Because malicious actors can’t profit from cryptomining alone, they are turning to multipurpose trojans, such as a new trojan dubbed CookieMiner that not only installs a hidden miner on a victim’s computer, but also steals credentials and payment card information.

“Hackers have started to upgrade miners, turning them into multifunctional Trojans,” said researchers. “Once inside a system with low computational power on which mining is uneconomical, such Trojans start acting as spyware and steal data.”

Researchers said that in the future, attackers will continue to rely on old-school tactics like malware and social engineering – but with new tricks up their sleeves.

“We predict growth in the number of attacks in Q2 2019,” said researchers with Positive Technologies. “Malware and social engineering will remain the favored tools of attackers.”

Meanwhile, to stay safe, companies can create systems for centralized administration of updates and patches, deploy antivirus software, use automated software audit tools and utilize web application firewalls.