Ransomware Expected to Increase 150% This Year

Ransomware and fileless malware are both seeing large surges this year. According to the newly released Q2 2021 Internet Security Report from WatchGuard Technologies, in the first six months of 2021, ransomware attacks were already at nearly the total volume for all of the previous year and are on target to see a 150 percent increase by the end of the year. According to WatchGuard: "While total ransomware detections on the endpoint were on a downward trajectory from 2018 through 2020, that trend broke in the first half of 2021, as the six-month total finished just shy of the full-year total for 2020. If daily ransomware detections remain flat through the rest of 2021, this year’s volume will reach an increase of over 150 percent compared to 2020."

Fileless malware — malware originating from scripting engines, such as PowerShell — is increasing at an even greater pace and is on track to double 2020's total this year. AMSI.Disable.A is one such malware type that's on the rise. According to WatchGuard: "AMSI.Disable.A showed up in WatchGuard’s top malware section for the first time in Q1 and immediately shot up for this quarter, hitting the list at No. 2 overall by volume and snagging the No. 1 spot for overall encrypted threats. This malware family uses PowerShell tools to exploit various vulnerabilities in Windows. But what makes it especially interesting is its evasive technique. WatchGuard found that AMSI.Disable.A wields code capable of disabling the Antimalware Scan Interface (AMSI) in PowerShell, allowing it to bypass script security checks with its malware payload undetected."

Other findings from the report include:

  • A massive 91.5 percent of all malware arrived over encrypted connection. "Put simply, any organization that is not examining encrypted HTTPS traffic at the perimeter is missing 9/10 of all malware," according to WatchGuard.

  • Network attacks rose 22 percent in the quarter, reaching the highest level sine 2018. "Q1 saw nearly 4.1 million network attacks. In the quarter that followed, that number jumped by another million – charting an aggressive course that highlights the growing importance of maintaining perimeter security alongside user-focused protections."

  • Microsoft Office continues to be a popular attack vector. WatchGuard reported a new 2017 RCE vulnerability that debuted in the second quarter as the No. 1 network attack. "Though it may be an old exploit and patched in most systems (hopefully), those that have yet to patch are in for a rude awakening if an attacker is able to get to it before they do."

  • Aside from the 2017 RCE vulnerability, two other top-10 network attacks exploited old vulnerabilities, according to the report: a "2011 Oracle GlassFish Server vulnerability [and] a 2013 SQL injection flaw in medical records application OpenEMR…."

The report was based on "anonymized Firebox Feed data from active WatchGuard Fireboxes whose owners have opted to share data in direct support of the Threat Lab’s research efforts. In Q2, WatchGuard blocked a total of more than 16.6 million malware variants (438 per device) and nearly 5.2 million network threats (137 per device)."

The complete Q2 2021 Internet Security Report is available on Watchguard's site (registration required).

About the Author

David Nagel is the former editorial director of 1105 Media's Education Group and editor-in-chief of THE Journal, STEAM Universe, and Spaces4Learning. A 30-year publishing veteran, Nagel has led or contributed to dozens of technology, art, marketing, media, and business publications.

He can be reached at [email protected]. You can also connect with him on LinkedIn at https://www.linkedin.com/in/davidrnagel/ .


Featured

  • Training the Next Generation of Space Cybersecurity Experts

    CT asked Scott Shackelford, Indiana University professor of law and director of the Ostrom Workshop Program on Cybersecurity and Internet Governance, about the possible emergence of space cybersecurity as a separate field that would support changing practices and foster future space cybersecurity leaders.

  • modern college building with circuit and brain motifs

    Anthropic Launches Claude for Education

    Anthropic has announced a version of its Claude AI assistant tailored for higher education institutions. Claude for Education "gives academic institutions secure, reliable AI access for their entire community," the company said, to enable colleges and universities to develop and implement AI-enabled approaches across teaching, learning, and administration.

  • AI microchip, a cybersecurity shield with a lock, a dollar coin, and a laptop with financial graphs connected by dotted lines

    Survey: Generative AI Surpasses Cybersecurity in 2025 Tech Budgets

    Global IT leaders are placing bigger bets on generative artificial intelligence than cybersecurity in 2025, according to new research by Amazon Web Services (AWS).

  • university building surrounded by icons for AI, checklists, and data governance

    Improving AI Governance for Stronger University Compliance and Innovation

    AI can generate valuable insights for higher education institutions and it can be used to enhance the teaching process itself. The caveat is that this can only be achieved when universities adopt a strategic and proactive set of data and process management policies for their use of AI.