Ransomware is the goose that laid the golden egg for online criminals. It’s a highly lucrative source of revenue. The average computer user has no systems in place to protect themselves from ransomware attacks, and they regard personal and business data as among their most important assets. A successful ransomware attack is less work than alternative criminal enterprises, it’s less risky, and there’s a greater chance that criminals will receive the desired payout.
So it’s no surprise that criminals are moving away from other “business models” and focusing on ransomware. Last year, it was reported that 93% of phishing emails contained ransomware. Even more worryingly, recorded incidents of ransomware attacks rose 167-fold in 2016 compared to 2015.
Ransomware cleverly exploits people’s desire for convenience over security and their unwillingness to be deprived of data. Ransomware attackers make it as easy as possible to pay and there’s a good chance that anyone who does pay will have their data returned to them. Many ransomware networks even provide user support to help victims pay and reclaim their data.
Enterprising criminals build ransomware-as-a-service products to make it even easier to launch a ransomware career.
This is bad news for the average computer user and for the companies that employ them, but web hosting companies and email providers are being hit hard too. Spammers and ransomware-as-a-service operations need server resources and bandwidth to send their ransomware emails, and since no legitimate hosting company willingly supports spammers, that means hacked servers, hosting accounts, eCommerce stores, and content management systems.
For any large provider of server resources, spammers are a constant source of problems. Bots scour the web for insecure accounts, hack them, and infect them with spam malware capable of sending tens of thousands of emails before they’re shut down. The best way to stop spammers is to ensure that online services are secure enough that they can’t be hacked, but that’s easier said than done. Most users don’t have the inclination or the technical abilities to stick to even basic security best practices.
It’s safe to predict that any company providing online services for its customers or employees will be hacked at some point, and that the motivation will often be to install spam malware. In addition to stopping hackers getting in, businesses should also stop spam getting out.
As online service providers are targeted with ever greater frequency by ransomware spammers, they can expect to experience a significant degradation in their ability to have email delivered. The internet’s spam immune system — blacklist maintainers and email provider blocking — will quickly identify sources of spam by domain name and IP address.
Outbound spam filtering is a necessary component of any defense-in-depth approach to security. It’s not enough to harden networks at the point of contact with the open internet. If we’ve learned anything in the last few years, it’s that spammers will find a way — especially if they have the added incentive of a booming ransomware market.