The PhishLabs Blog

How and Why the Phishing Threat Landscape Has Changed

Posted by Lindsey Havens on Mar 24, '17

Over the last decade phishing has exploded. Volume has increased every year, with threat actors reliably focusing the majority of their efforts on the same five or six industries.

It was a serious threat, of course, but it had become somewhat… predictable.

But in 2016, some major changes occurred. In just 12 months, the entire phishing landscape shifted.

Topics: Phishing, Phish Kit, Ransomware, PTI Report

Picking on the Little Guy: Ransomware Trends

Posted by Lindsey Havens on Mar 8, '17

In late 2015, malware trends hinted that a ransomware epidemic was on its way.

And what happened? Less than three months into 2016, security analysts had branded it the ‘year of ransomware’.

Even popular media outlets were covering ransomware cases on an almost daily basis, and both consumers and businesses the world over would come to understand exactly what the word ransomware really means.

So what happened? After all, ransomware has been around for decades, so why the sudden explosion?

Topics: Ransomware, PTI Report

Exploiting Weakness: Why Healthcare is an Obvious Ransomware Target

Posted by Lindsey Havens on Jan 24, '17


Since the start of 2015, healthcare has been hit with more ransomware than any other industry.

Headlines abound with tales of healthcare organizations declaring states of emergency, turning away patients, and often opting to pay ransoms just to end their nightmare.

Topics: Ransomware, Healthcare

The Top 9 Reasons Healthcare Organizations are a Hacker’s Best Friend

Posted by Lindsey Havens on Jan 10, '17

In recent years, healthcare organizations have been attacked with more frequency, velocity, and fervor than any other industry. IBM dubbed 2015 “the year of the healthcare breach” in their 2016 Cyber Security Intelligence Index, and if recent headlines are anything to go by, 2016 wasn’t much better.

But why are healthcare organizations targeted so consistently? On the surface, gambling sites and financial institutions would seem like better targets, so what is it about healthcare organizations that threat actors find so tempting?

In the end, it all comes down to one factor: Money.

Topics: Data Breach, Ransomware, Security, Healthcare

Why Ransomware Works, Why it Doesn't, and What it Will Work on Next

Cybersecurity is a field defined by its dynamism, as is crime. When analyzing trends to assess the future of these two frequently overlapping spaces, the most efficient way to separate persistent threats from hype is by asking not just where the money is, but what the easiest way is to get it. While ransomware has had a lock on headlines all year, the most recent news stories all seem to emphasize increases in attacks targeting educational institutions, state and local governments, and healthcare organizations. Let's examine why this change from shotgun targeting to more focused targeting is happening.

Topics: Ransomware

Ransomware Reload & Definitive Resource Guide

Posted by Lindsey Havens on Oct 21, '16

If you have been following our Cyber Security Awareness Month series, we applaud you for taking steps to become #CyberAware. We want you to be in the best position to keep your organization safe and prevent the next attack.

If you're just joining us, no worries! We will walk you through the actions you should be taking to prevent attacks like ransomware from gaining a foothold inside your network.

Around 1.5 percent of spam emails contain malicious attachments or URLs, along with content designed to manipulate people into opening them. This technique, known as phishing, has become an overwhelming favorite of threat actors in the past few years, primarily because it’s a cheap, effective, and fast way to compromise targeted networks. Phishing has been far and away the most popular delivery method for ransomware, and the continued evolution of text-based social engineering attacks has been a significant factor in the rise of ransomware.

What should we do about it? For starters, we must stop being easy targets. Education is the key. Here you will find a comprehensive list of resources for fighting back. Let's get started!

Topics: Ransomware, Cyber Security Awareness Month

Pay Up: The 2016 Definitive Guide to Ransomware

Posted by Lindsey Havens on Oct 19, '16

Right now most organizations are completely unready to cope with ransomware, both from security and recovery standpoints. In many cases, even basic security protocols such as consistent vulnerability management are lackluster or missing entirely, and threat actors are making millions of dollars every year as a result. 

That’s why, as part of our Cyber Security Awareness Month series, we are helping you take action by sharing our best resources on ransomware.

In an effort to fight back together against cyberattacks, download this free copy of our Ransomware Whitepaper where we explore the growing threat of ransomware, and what you can do to keep your organization secure. We will walk you through the actions you should be taking to prevent ransomware from gaining a foothold inside your network, and how to make your security program the best it can be. 

Topics: Ransomware, Cyber Security Awareness Month

#CyberAware: Spotlight on Ransomware

Posted by Lindsey Havens on Oct 18, '16

We field a lot of questions about ransomware, but there’s one in particular that comes up time and time again. “Are we at risk from ransomware?” It’s not a difficult question to answer. Yes, you’re at risk… Everybody is at risk. 

You see, there are plenty of ways for threat actors to spread ransomware. They create fake online advertisements and pop-ups, exploit known vulnerabilities to gain access to corporate networks, and they even drop USB sticks loaded with ransomware in public places. They’re pulling out all the stops to infect your systems with ransomware, so yes, you need to be concerned.

Topics: Ransomware, Cyber Security Awareness Month

Federal Trade Commission Hosts Ransomware Workshop

Posted by Lindsey Havens on Sep 9, '16

The Federal Trade Commission (FTC) responded to the rising ransomware threat on September 7, 2016 with a technology workshop in Washington, D.C. The workshop brought security experts, including PhishLabs' Vice President of Threat Research, Joseph Opacki, together to address common questions and concerns around the ransomware threat. Opacki joined a panel during the workshop to educate the audience on the overall landscape of the ransomware threat and reasons it's proliferating at such a high pace.

Topics: Ransomware

Alma Ransomware: Analysis of a New Ransomware Threat (and a decrypter!)

With low overhead and risk of prosecution, ransomware attacks have outpaced banking Trojans in sheer number of incidents, if not profit. Ransomware’s rapidly growing popularity has spawned dozens of variants, subtypes, and families as threat actors seek to outmaneuver researchers and competitors. In this dynamic threat landscape, alongside monitoring the established ransomware families for any change in tactics, techniques, or procedures, we monitor social media and underground markets for emerging threats. Through this process, our team was alerted to and began an investigation of what is likely a new threat actor’s first attempt at ransomware design and distribution.

Recently we observed a new type of ransomware, called Alma Ransomware, being delivered via exploit kit. Often hidden on web servers, exploit kits (EK) are toolkits used by threat actors that exploit vulnerabilities in visiting users’ web browsers to deliver malicious payloads. Alma Ransomware (MD5 Hash: 92f8a916975363a371354b10070ab3e9) was observed being delivered via the RIG Exploit Kit. The malicious payload tripped only one indicator on VirusTotal at 2016-08-22 14:51:15 UTC:

Figure 1: VirusTotal indicator from day 1 of circulation.

Topics: Ransomware


What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
