McAfee Labs Sees New Ransomware Surge 165% In First Quarter of 2015


Intel Security’s latest McAfee Labs Threats Report, May 2015, has revealed massive growth in new ransomware, HDD and SSD firmware attacks by the Equation Group, and a major increase in malware targeting Adobe Flash multimedia software.

For the first quarter of 2015, McAfee Labs found the following:

New ransomware surged 165% in Q1 2015, largely due to the proliferation of the CTB-Locker family and its “affiliate” program, a new ransomware family called Teslacrypt, and new versions of CryptoWall, TorrentLocker and BandarChor:

  • CTB-Locker – uses clever techniques for evading security software, combined with higher-quality phishing emails and an “affiliates” program that offers accomplices a percentage of ransom payments in return for flooding cyberspace with CTB-Locker phishing messages
  • Teslacrypt – has taken specific aim at online gamers and their unique assets; between February and April 2015, cybercriminals collected $76,522 from 163 victims
  • TOX – a new ransomware kit discovered by Intel Security that makes it easier than ever for low-skilled cybercriminals to launch and operate ransomware crime rings

New Adobe Flash malware grew 317% as attackers shifted focus from Java archive and Microsoft Silverlight vulnerabilities to exploiting unpatched Adobe Flash vulnerabilities. Fortunately, the Adobe Security Team provided patches for all 42 new Adobe Flash vulnerabilities on the same day they were submitted to the National Vulnerability Database – showing great collaboration across the technology industry to react and respond to issues quickly.

Deeper analysis of the Equation Group firmware reprogramming malware found that the computer espionage group is using hard disk drive (HDD) and solid state drive (SSD) reprogramming technologies. Once reprogrammed, the HDD or SSD firmware can reload the associated malware each time the infected system boots, and the malware persists even if the drive is reformatted or the operating system is reinstalled. Once a drive is infected, security software cannot detect the associated malware, which is stored in a hidden area of the drive.

In addition, the report also revealed:

  • PC Malware Growth – Q1 2015 saw a slight decline in PC malware, attributed to the adware family SoftPulse, which spiked in Q4 2014 and returned to normal levels in Q1 2015
  • Mobile Malware – new mobile malware samples jumped by 49% from Q4 2014 to Q1 2015
  • SSL Attacks – continued in Q1 2015 but declined in number compared to Q4 2014
  • Spam Botnets – Dyre, Dridex and Darkmailer3.Slenfbot are the top spam networks, overtaking Festi and Darkmailer2

“The first quarter of 2015 has seen a significant increase in data-stealing ransomware, which highlights the growing importance for organisations and individuals to expand their knowledge of cyber threats, including recognising phishing scams. However, in light of this, it is also great to see the industry acting and working together to respond so effectively to new threats,” said Mike Sentonas, Global VP and CTO – Security Connected, Intel Security.

“It is also very interesting to see the gaming industry attacked so heavily in Q1 of 2015. Cybercriminals have tapped into a huge audience with alarming implications as gamers will pay generously to get their data back and return to the game,” concluded Mike.

A copy of the report is available online here:


Comments are closed.