PhishMe® Q1 Malware Review Shows Ransomware Calm Before the Storm

Share Now


Observing a Reset in Ransomware and a Rise in Botnet Malware, PhishMe Responds by Providing All Customers with New Malware Analysis Feature

LEESBURG, VA June 6, 2017: PhishMe Inc. (, the leading provider of human phishing defense solutions, today released its comprehensive malware trends analysis for Q1 2017 as well as announced the availability of PhishMe Intelligence Strategic Analysis threat alerts and reports for all customers to combat phishing and malware threats.

PhishMe’s Q1 2017 Malware Review revealed several notable trends including a 69.2 percent increase in botnet activity, an uncharacteristic drop in ransomware, and increases in regionalized, international malware delivery. The increase in botnets and overall slowing of ransomware delivery indicated a shift back to basics and a retooling period, which resulted in threat actors rapidly innovating on their techniques as evidenced by second quarter strikes, including a resurgence of Locky ransomware, the debut of Jaff ransomware encryption, and the now notorious WannaCry worming ransomware.

Published today, the report includes an analysis of 749 sets of phishing emails delivering nearly 10,000 unique malware samples supported by over 14,000 online resources. You can read the full report here.

PhishMe Intelligence™ revealed a number of major trends, which have come to fruition over the past few months:

  • Ransomware-as-a-business enters the next stage of innovation: As the first quarter of 2017 came to a close, it ended a period of relative calm in the ransomware space. In fact, rather than abandoning an incredibly lucrative business model, threat actors were about to unleash new innovations and developments including the WannaCry “atom bomb of ransomware” worming malware.
  • A rising tide in botnet malware: Highly-adaptable and multifunctional botnet malware varieties grew in usage by 69.2 percent through the first quarter. Led by the Ursnif malware, these utilities provide threat actors with the access they need to initiate longer-term intrusions. Utilities like TrickBot, DELoader and Zeus Panda can all be used to facilitate lengthy surveillance and espionage operations.
  • International trends: Many of the top malware in use was deployed using phishing lures in multiple languages, demonstrating that threat actors continue to recognize the value of attacking users around the world. Most notably, PhishMe Intelligence observed Zeus Panda using Italian-language messages and Ursnif phishing emails using German and Japanese content.

PhishMe Provides New Feature to Fight Phishing

In an effort to help combat threat actors’ fast-evolving tactics to circumvent security, the PhishMe Intelligence Strategic Analysis threat alerts and reports are now provided to all PhishMe customers on a weekly basis. The Strategic Analysis reports include detailed intelligence on the ever-changing tactics, techniques and procedures used by today’s threat actors. They are designed to deliver relevant and actionable details on threat actors, indicators of compromise, key malware families, tactics used to evade detection and engage users, and the very latest attachment types and scripting methods.

“Our Q1 2017 Malware Review shows that threat actors continue to be relentless in their tenacity to extort money and information from individuals and businesses worldwide,” explained PhishMe CTO and Co-founder Aaron Higbee. “Consequently, it’s clear that timely and relevant intelligence on the latest phishing attacks and threats more important than ever, which is why we are extending our ongoing phishing intelligence reporting to all our customers at no extra cost. Strategic Analysis reports have long been part of the PhishMe Intelligence offering, but now all PhishMe customers will receive weekly notifications with detailed intelligence on the evolving tactics, techniques, and procedures.”

Connect with PhishMe Online

 About PhishMe

PhishMe is the leading provider of human-focused phishing defense solutions for organizations concerned about their susceptibility to today’s top attack vector — spear phishing. PhishMe’s intelligence-driven platform turns employees into an active line of defense by enabling them to identify, report, and mitigate spear phishing, malware, and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organization’s security decision making process. PhishMe’s customers include the defense industrial base, energy, financial services, healthcare, and manufacturing industries, as well as other Global 1000 entities that understand changing user security behavior will improve security, aid incident response, and reduce the risk of compromise.

Read More Related Phishing Blog Posts


We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.

This site is registered on as a development site.