Bitcoin ransomware operators lose popularity with hackers

Ransomware fell out of the top threats in the first half of 2020, accounting for just 1% of all hacker attacks, according to Group-IB specialists.

Even in the previous half-year, bitcoin-extortion ransomware appeared in every other malicious email; however, operators have since shifted their attacks from individual users to large corporate networks.

“Hackers have focused on targeted attacks, selecting large victims and demanding substantially larger sums. The operators’ drive to pull off a big score will likely lead to a rise in targeted attacks, while email will remain the main source of their distribution,” the experts explain.

In the top threats for the first half of the year, phishing disguised as various online services ranked highly. Against the backdrop of the pandemic and the move to online business, the number of fake web pages rose to a record 46%.

“By stealing the user’s account data, attackers can also access the bank card linked to the account,” Group-IB notes.

In second and third places among targeted categories of web phishing were mail agents (24%) and financial institutions (11%). Other top entries included payment services, cloud storage providers, social networks and dating sites.

Attachments containing spyware programs or links to their downloads were found in 43% of the analyzed Group-IB malicious emails. A further 17% contained loaders, while backdoors and banking trojans shared third place — they were hidden in 16% and 15% of the malicious mailings respectively.

In the top 10 threats for this period were the RTM Trojan, the LOKI PWS spyware, AgentTesla, Hawkeye and Azorult, Formbook backdoors, Nanocore, Adwind, Emotet and Netwire.

Among new tools are: the open-source remote administration tool Quasar, the Gomorrah spyware that extracts user account data from various programs, and the 404 Keylogger for collecting user data.

Almost 70% of malicious files reached the victim’s computer via archives, about 18% were disguised as office documents, and another 14% as executable files and scripts.

In 2019, the popularity of ransomware rose — at that time, the number of attacks grew by 40% compared with 2018. The three most aggressive trojans of that period demanded a total of $800,000 in cryptocurrency.

Subscribe to ForkLog news on Telegram: ForkLog Feed — the full news feed, ForkLog — the most important news and polls.