First half of 2019 belonged to WannaCry and other five other ransomware variants

• The ransomware detection stood at somewhere between 40,000 and 45,000 incidents during the first six months of 2019.
• Threat actors were also detected using fileless techniques to distribute cryptocurrency mining malware, ransomware, and banking trojan.

The infamous WannaCry ransomware, which created massive havoc worldwide in 2017, remained the most active malware in the first half of 2019. The ransomware detection stood at somewhere between 40,000 and 45,000 incidents during the first six months of the year.

Notable ransomware incidents

Reported by Trend Micro, ransomware like Ryuk, LockerGoga, RobbinHood, BitPaymer, and MegaCortex were involved in some high-profile attacks observed in the first half of 2019.

While LockerGoga ransomware infection at Norsk Hydro caused the company to lose $55 million, the city of Baltimore had incurred $5.3 million in recovery costs after its systems were infected with the RobbinHood ransomware in May.

The Ryuk ransomware infection on systems at Lake City and Key Biscayne had forced the officials to pay ransoms in order to recover their encrypted files and systems.

Fileless malware threats

Threat actors were also detected using fileless techniques to distribute cryptocurrency mining malware, ransomware, and banking trojan.

“These threats had something in common: PowerShell abuse. While it is a convenient tool for system administrators, PowerShell can be used by cybercriminals to launch payloads without having to write or run a file in an affected system’s local memory,” the report highlighted.

BEC scams on a rise

Spoofed Microsoft Office 365 URLs that tricked users into revealing their credentials and other sensitive data saw a steep 76% increase in the first six months of 2019. Apart from this, Business Email Compromise (BEC) attempts also witnessed a 52% rise when compared to the second half of 2018. Scammers typically impersonated CEOs and other executives to trick unwitting employees into transferring funds to their accounts.

Other interesting facts

Threats pertaining to new vulnerabilities, exploit kits and botnets have also increased in the first half of 2019. Of the zero-day vulnerabilities detected between January and June, 2019, 40 were rated as ‘Critical’, 335 as ‘High’, 101 as ‘Medium’ and 107 as ‘Low’.

BlueKeep - that affects the RDP of older versions of Windows systems - also made to the notable vulnerabilities seen in the first half of 2019.

Regarding botnets, the first six months witnessed various contenders trying to make a major impact through different attack campaigns including variants of Bashlite and Mirai.