By Brooke Crothers
Published July 27, 2019
Ransomware is a hit with hackers, according to a new study.
In the study “Bestsellers in the Underground Economy: Measuring Malware Popularity by Forum,” Recorded Future’s Insikt Group analyzed over 3.9 million posts about malware from underground forums on the dark and open web during a 12-month period ending in May of this year.
Ransomware ranked as the top malware category mentioned in the forums. “We believe this reflects a growing number of low-level actors developing and sharing generic ransomware on underground forums,” Recorded Future said in the study.
The study also noted that most ransomware requires "an exploit kit, phishing email, or brute-forced credentials, to install the malware on a victim host before it can be run."
In the U.S. this year ransomware has proved to be an effective tool for extracting money from cities and counties, as underscored in a report in Thursday’s Wall Street Journal.
For example, LaPorte County in Indiana paid attackers approximately $130,000 while Lake City, Florida paid out about $460,000 to unlock government data after the “Ryuk” attacks -- though both attacks were covered mostly by insurance. And Baltimore was hit by a devastating ransomware attack.
A ransomware attack often begins with someone opening up an infected attachment or link. As a result, the attacker is able to digitally lock critical files. Then payments are demanded in bitcoin to unlock the files. In the case of the Ryuk ransomware, the Emotet trojan and the TrickBot trojan can be used to deliver the ransomware, according to Cybereason.
Other popular malware and what’s to come
Ransomware isn't the only game in town. In popularity, ransomware was followed by the categories of crypters (software that makes malware harder to detect) and trojans (a type of malware that looks legitimate but infects and takes control of a computer).
And the future is not exactly looking brighter. One of the pesky hallmarks of malware is that it’s constantly changing. “Insikt Group ascertains with high confidence that the top tools on underground forums will continue to change,” the report said.
The report saw spikes in activity surrounding newly emerging malware including Raccoon Stealer and new versions of Hawkeye Keylogger. It also saw increases in comments about Gh0st RAT (a Remote Access Trojan, or RAT) created by Chinese developers in 2008, and Star RAT, another Chinese RAT that has been widely shared on Chinese underground forums.
Insikt Group recommends that companies monitor the underground forums to build strategies to defend against new malware.