Skip to content
Best Practices

Spam In 2018: Cybercriminals Follow The Money To Ransomware

By Graeme Caldwell | 3 minute read

Spam is often thought of as a source of unwanted advertising email and low-grade scams but over the last few years, the proportion of malware spam produced by organized cybercrime has increased. In 2017, we’ve seen the consequences of this shift, with immense ransomware campaigns that have imposed economic and personal costs on populations across the globe.

Because spam has proven so lucrative for criminal organizations, we expect to see an even greater focus on phishing and malware spam in 2018.

The good news is that over the last year, the quantity of spam as a proportion of email sent has not increased substantially, although spam still constitutes the bulk of all email.

The bad news is that over the next year, email users will be bombarded with increasingly sophisticated and effective malware-laden spam.

In 2016, the number of ransomware attacks against businesses increased by a factor of three. In the first quarter of this year, more than half of all malware payloads were laden with ransomware. The popularity of ransomware is driven by its success: businesses that aren’t prepared to overcome ransomware pay the price, encouraging further ransomware attacks and contributing to the growing criminal economy.

For web hosting companies and others who provide email hosting, the growth of the spam and malware economy is bad news. The more money there is in spam, the greater the need for resources that can be used to send it.

Effective ransomware campaigns are typically the result of a “business arrangement” between two criminals groups. Those who write the malware and those with the resources to distribute it, the spammers.

Spammers are able to fulfill their end of the bargain only if they have sufficient botnet nodes to meet the needs of malware authors. That means web hosting accounts, eCommerce stores, content management systems, and servers are all potential targets.

The half-life of a compromised server is short. Server owners and hosting clients eventually notice that their resources have been hijacked to send spam. The implicated IPs don’t stay off spam blacklists for long. Compromised servers and hosting accounts are always in need of replacement.

As a result, web hosting companies can expect to see even more attacks against their servers and clients in 2018.

Is there anything web hosting providers and email providers can do to limit the impact on their users and networks? Basic security precautions are often enough to discourage the bots responsible for automated compromises. But web hosting providers can’t guarantee that their networks are never compromised.

In addition to keeping the spammers out, it’s important to keep the spam in. Effective outbound email filtering removes a key incentive—criminals cannot profit if their spam never reaches its destination. At the same time, outbound spam filtering helps keep IP addresses clean and off the radar of black list operators and email inbox providers.

In 2018, criminals will double-down on spam-distributed ransomware: web hosting providers and other businesses should be ready with solid security and outbound mail filtering.

Discover how MailChannels Cloud can help your business filter outbound spam.


Cut your support tickets and make customers happier