Check Point Reports 107% Increase in Ransomware Attacks
Check Point Research experts have released a report on the most active cyber threats in April 2021. According to the researchers, the AgentTesla trojan made its debut in second place in the rankings, while Dridex continues to hold the top spot. Dridex is often used in the initial stages of ransomware operations, which are becoming increasingly common. In March, researchers warned that the number of ransomware attacks had increased by 57% at the start of 2021. Unfortunately, this trend has continued, with an overall growth of 107% compared to the same period last year. In 2020, experts estimated that global damages from ransomware reached about $20 billion, nearly 75% higher than in 2019.
AgentTesla has reached second place in the company’s rankings for the first time. This advanced Remote Access Trojan (RAT) has been infecting computers since 2014, functioning as both a keylogger and password stealer. The malware can monitor and collect keystrokes, take screenshots, and extract credentials from various programs installed on the infected machine, including Google Chrome, Mozilla Firefox, and Microsoft Outlook.
“We are seeing a massive increase in ransomware attacks worldwide, so it’s no surprise that the most popular malware in April is linked to this trend. On average, every 10 seconds, an organization somewhere in the world falls victim to ransomware,” said Vasily Dyagilev, head of Check Point Software Technologies in Russia and the CIS. “Hackers often use the names of well-known organizations in their attacks. This time, they impersonated the QuickBooks brand—a popular accounting software suite in the US, but also used in Russia. The malicious emails contained fake payment notifications and invoices. Organizations need to be aware of these risks and provide not only the right security solutions but also employee training. The human factor remains the most vulnerable link, so it’s crucial that staff can recognize phishing emails. Ransomware infections often start this way.”
Most Active Malware in Russia, April 2021
- Trickbot – One of the leading banking trojans, constantly updated with new features and distribution methods. Trickbot is flexible, customizable malware that can be used in multi-purpose campaigns. It targeted 14% of organizations.
- Fareit – A trojan discovered in 2012. Its variants steal user passwords, FTP accounts, phone numbers, and other data stored in browsers. It can also install other malware on infected devices. It targeted 11% of organizations.
- XMRig – Open-source software first detected in May 2017, used for mining Monero cryptocurrency. It was found in 7% of organizations.
Global Malware Trends, April 2021
- Dridex – A banking trojan targeting Windows systems. It spreads via spam campaigns and exploit kits, using injects to steal personal and banking card data. It targeted 15% of organizations.
- AgentTesla – An advanced RAT that has been attacking computers since 2014, acting as a keylogger and password stealer. It can monitor and collect keystrokes, take screenshots, and extract credentials from various programs installed on the victim’s computer (including Google Chrome, Mozilla Firefox, and Microsoft Outlook). It targeted 12% of organizations.
- Trickbot – One of the leading banking trojans, constantly updated with new features and distribution methods. Trickbot is flexible, customizable malware that can be used in multi-purpose campaigns. It targeted 8% of organizations.