Gen reveals 24% rise in ransomware attacks on consumers
Last week, Avast, a security and privacy brand under Gen, published insights on the growing threat of ransomware attacks on individuals.
This information is part of the inaugural Gen Threat Report, which consolidates threat data previously reported separately by Norton Pulse Report and Avast Quarterly Threat Report. The Gen Threat Report offers a comprehensive overview of the evolving threat landscape.
The report disclosed a 24% increase in ransomware attacks targeting consumers quarter over quarter, with the highest surge observed in India at 379%, followed by the United States, Canada, and the United Kingdom, each experiencing a 100% increase. This rise underscores that ransomware remains a serious issue for individual consumers, not just businesses.
Based on Avast's telemetry data, the most prevalent ransomware strains are as follows: WannaCry (21%), Cylance ransomware (9%), Enigma (8%), STOP (6%), LockBit (5%), and Mallox (2%).
Jakub Kroustek, Director of Malware Research at Gen, commented on the findings: "Within the consumer threat landscape, a popular delivery technique is hiding ransomware payload in pirated content. Furthermore, cybercriminals are leveraging sophisticated tactics, such as fileless malware or double extortion schemes within the SMB and enterprise business, which involve both encrypting data and threatening to release sensitive information unless a ransom is paid." Kroustek emphasised that ransomware groups target a wide range of victims, including companies, institutions, and governments, and stressed the necessity of protecting individual consumers as well.
To combat the surge in ransomware, Avast researchers are actively collaborating with governments worldwide. They have developed several free decryptors to assist victims, including the newly launched Avast DoNex Ransomware Decryptor.
Additionally, the Gen Threat Report highlighted significant trends in cyber threats for Q2/2024, noting that cybercriminals are increasingly using generative AI to execute sophisticated scams. According to Siggi Stefnisson, Chief Technology Officer at Gen, scammers are now more adept at exploiting consumer interests to make their schemes more convincing. "We continue to see cybercriminals expand their toolkits with even more uses of AI to strengthen their attacks," he said. "Scammers are cunning and adept at exploiting what is most likely to be on consumers' minds – whether it has to do with elections, love, or financial security. Now with AI and other new tech, their schemes are more sophisticated and convincing than ever before."
The report also focuses on the new and revamped tactics used by scammers. With the rise of AI, cybercriminals can add a modern twist to their old tricks, such as using deepfakes of celebrities to promote fake cryptocurrency investment schemes. For example, the CryptoCore scam group recently used highly convincing deepfakes of official events on compromised YouTube accounts to lure victims into fake cryptocurrency giveaway campaigns, resulting in substantial financial losses.
Amid economic challenges, scammers are exploiting consumers' financial insecurity with part-time job scams that promise quick money for simple tasks. These scams have evolved from text-based interactions to sophisticated AI-generated voice communications, adding a new layer of deception.
The report also noted the revival of antivirus scams and the increasing threat of digital identity theft. Cybercriminals deploy aggressive pop-up alerts mimicking real antivirus programs to scare individuals into purchasing fake antivirus software. In terms of digital identity theft, attackers are using InfoStealers and Mobile Bankers to steal personal information directly from consumers' devices.
In Q2/2024, Mobile Bankers like TeaBot targeted customers of financial platforms such as Revolut, while spyware threats including XploitSpy and AridSpy infiltrated the PlayStore, stealing files and monitoring users through their cameras and microphones.
Overall, the Gen Threat Report emphasizes the need for heightened vigilance and proactive measures to protect against the various advanced threats posed by cybercriminals.