Cybercrime: Ransomware remains a 'key' malware threat says Europol

Ransomware remains the top malware threat to organisations, causing millions of dollars of damage and remaining a potent tool for cyber criminals and nation-state attackers.

The rise of highly targeted file-locking malware campaigns and the threat posed by nation-state backed campaigns, means ransomware "remains the key malware threat in both law enforcement and industry reporting," warns Europol's 2018 Internet Organised Crime Threat Assessment (IOCTA) report.

The damage of high profile campaigns like WannaCry, NotPetya and Bad Rabbit still loom large in the memory, with figures in the report suggesting a global loss of more than $5bn as a result of these attacks.

At a smaller scale, ransomware families like Cerber, Cryptolocker, Crysis, CTBLocker, Dharma and Locky are cited among those most damaging to businesses over the past 12 months.

However, the ever-evolving nature of ransomware means the threat is always changing. Locky was once the most prolific form of ransomware but has disappeared this year, while some attackers have shifted from spam campaigns to highly targeted attacks against specific organisations.

"As we have seen with other cyberattacks, as criminals become more adept and the tools more sophisticated yet easier to obtain, fewer attacks are directed towards citizens and more towards small businesses and larger targets, where greater potential profits lie," says the report.

SEE: Ransomware: An executive guide to one of the biggest menaces on the web

One notable example is SamSam ransomware, the operators of which are thought to have made over $6m in a campaign that involves careful planning, time and resources to spread throughout entire networks before attackers pull the trigger. The ransom demands are often for more than $50,000.

While ransomware still poses a significant threat, the Europol paper also warns organisations should be aware of the rise of cryptojacking malware, which it says "may overtake ransomware as a future threat".

This stealthy form of malware has gained significant traction in 2018 and sees attackers compromising systems and using their processing power to mine cryptocurrency. Unless the attackers push the mining operation too far, and cause significant slowdown on the infected device, it often goes unnoticed.

It also comes with the added bonus that, in some instances, it's not classed as criminal activity, with the report pointing out that web-based mining isn't classed as illegal.

On top of all this, Europol warns that despite the growth in attacks slowing down, remote access trojans still represent a danger, with data-stealing malware used in campaigns against governments and businesses, especially those in the financial sector.

SEE: 10 ways to raise your users' cybersecurity IQ (free PDF)

Europol's executive director Catherine De Bolle has called for collaboration and additional training in the fight against cyber crime, in order to combat the global threat that it poses.

"Cybercrime cases are increasingly complex and sophisticated. Law enforcement requires additional training, investigative and forensic resources in order to adequately deal with these challenges," she said.

"Europol will continue its efforts to enhance cooperation with international law enforcement and government agencies, tech companies, academia and other relevant stakeholders. Only if we do this, can cybercrime be combated effectively."

The IOCTA report was launched at the 6th Interpol-Europol Cybercrime Conference in Singapore. Interpol stressed the need for collaboration when tackling cyber attacks.

"We must not only remain ahead of the technological curve, we must do so collectively. Only through a concerted globalized effort which maximizes our expertise and minimizes the gaps will we be best prepared to tackle emerging cyberthreats," said Tim Morris, Interpol executive director of police services.

READ MORE ON CYBER CRIME

• Ransomware attack blacks out screens at Bristol Airport
• Cybercrime hurting businesses to tune of $600 billion CNET
• WannaCry ransomware crisis, one year on: Are we ready for the next global cyber attack?
• Avoid ransomware payments by establishing a solid data backup plan TechRepublic
• New ransomware arrives with a hidden feature that hints at more sophisticated attacks to come