Investigation tracks hospital ransomware payments through bitcoin accounts; ransomware, mobile, and macro malware threats surge in Q2 2016
Intel Security released its McAfee Labs Threats Report: September 2016, which assesses the growing ransomware threat to the healthcare industry, surveys the “who and how” of data loss, explains the practical application of machine learning in cybersecurity, and details the growth of ransomware, mobile malware, macro malware, and other threats in Q2 2016.
In the first half of 2016, our researchers identified a ransomware author and distributor who appeared to receive $121 million (BTC 189,813) in payments from ransomware operations targeting a variety of sectors. Dark net discussion board communications suggest that this particular cybercrime actor had accumulated profits of $94 million during the first six months of this year. The scale of the operation is in line with research McAfee Labs conducted with its Cyber Threat Alliance partners in late October 2015, when the group uncovered a ransomware operation using the CryptoWall ransomware strain to extort nearly $325 million over the course of two months.
The research team attributes the increased focus on hospitals to such organizations’ reliance on legacy IT systems, medical devices with weak or no security, third-party services that may be common across multiple organizations, and hospitals’ need for immediate access to information to deliver the best possible patient care.
Vincent Weafer, Vice President for Intel Security’s McAfee Labs said, “As targets, hospitals represent an attractive combination of relatively weak data security, complex environments, and the urgent need for access to data sources, sometimes in life or death situations. The new revelations around the scale of ransomware networks and the emerging focus on hospitals remind us that the cybercrime economy has the capacity and motivation to exploit new industry sectors.”
As per the release, the Q2 report also features the results of a primary research study assessing data loss incidents, including the types of data leaking out, the ways data exits organizations, and the steps organizations must take to take to improve the capabilities of data loss prevention.
The survey found that retail and financial services organizations have deployed the most extensive protections against data loss, a finding McAfee Labs attributes to organizational responses to the frequency of cyber-attacks and the value of the data held by companies in these two sectors. Having sustained fewer cyber-attacks historically, healthcare and manufacturing enterprises have made fewer IT security investments and, accordingly, possess the least comprehensive data protection capabilities.
In the second quarter of 2016, McAfee Labs’ global threat intelligence network detected 316 new threats every minute, or more than 5 every second, and registered notable surges in ransomware, mobile malware, and macro malware growth:
- Ransomware. The 1.3 million new ransomware samples in Q2 2016 was the highest ever recorded since McAfee Labs began tracking this type of threat. Total ransomware has increased 128% in the past year.
- Mobile malware. The nearly 2 million new mobile malware samples was the highest ever recorded by McAfee Labs. Total mobile malware has grown 151% in the past year.
- Macro malware. New downloader Trojans such as Necurs and Dridex delivering Locky ransomware drove a more than 200% increase in new macro malware in Q2.
- Mac OS malware. The diminished activity from the OSX.Trojan.Gen adware family dropped new Mac OS malware detections by 70% in the second quarter.
- Botnet activity. Wapomi, which delivers worms and downloaders, increased by 8% in Q2. Last quarter’s number two, Muieblackcat, which opens the door to exploits, fell by 11%.
- Network Attacks. Assessing the volume of network attacks in Q2, denial-of-service attacks gained 11% in the quarter to move into first place. Browser attacks dropped by 8% from Q1. These most prominent attack types were followed by brute force, SSL, DNS, Scan, backdoor, and others.
