Cofense Logo - Email Security Solutions

Q2 2016 Firmly Establishes Ransomware as a Mature Business Model for Malicious Actors

Share Now


PhishMe Q2 Malware Review identifies key security trends including the rise of encryption ransomware and remote malware deployments

LEESBURG, VA – 2 August, 2016 – PhishMe Inc., a leading provider of human phishing defense solutions, has revealed that the second quarter of 2016 saw ransomware firmly establish itself as a mature business model, with the threat showing no outward signs of diminishing. Encryption ransomware now accounts for 50% of all malware configurations, meaning that it is no longer considered simply a means for making a quick profit, but a permanent fixture on the threat landscape.

Published today, PhishMe’s Q2 2016 Malware Review identified three key trends previously recorded earlier in the year, but now firmly established:

  • Encryption ransomware: Given the tenacity and frequency of ransomware phishing attacks, it appears cybercriminals now consider this a tried and trusted business model
  • Rise in evasion techniques: PhishMe encountered an increase in the number and volume of malware deployments incorporating simple evasion techniques to circumvent protection by security solutions
  • Simple attacks still pack a punch: Numerous deployments of malware were recorded with less sophisticated actors who still wield robust feature sets

In March of 2016, PhishMe malware analysis noted a strong diversification of ransomware strains and were responsible for 93% of all malware payloads delivered that month. The Q2 malware research shows that ransomware has begun consolidation in May and June as Cerber encryption ransomware and Locky strongly dominated in the ransomware scene. The research behind this ransomware evolution strongly supports the notion that ransomware has effectively become a major business model for threat actors, seeking the most advantageous and cost-effective means for generating sustainable profits.

“Barely a year ago, ransomware was a concerning trend on the rise. Now, ransomware is a fully established business model and a reliable profit engine for cybercriminals, as threat actors involved treat it as a legitimate industry by selling information, tools and resources to peers based all around the world,” explained Rohyt Belani, CEO & Co-Founder, PhishMe. “Empowering the human element to detect and report these campaigns needs to be a top priority for organizations if they are to protect themselves from a threat that is here for the long term.”
The report also unveils findings on the usage of stenography and ciphers in malware delivery, both increasingly popular anti-analysis techniques designed to bypass security solutions and the efforts of security researchers. Using a common stenographic technique, threat actors are able to hide the Cerber executable of a Cerber malware payload within a seemingly harmless image file – sneaking past layers of security technologies to make its way into the target victim’s inbox. The report provides further examples on how the executables are embedded and what to look for when conducting a deep ransomware analysis.

Additionally, the Q2 2016 Malware Review also sheds light on remote access Trojan utilities which have garnered significant attention recently due to their purported use in the high profile intrusion and apparent theft of data from the Democratic National Committee. While details regarding the attack are still private, deployment of remote access Trojans via phishing email is a frequent occurrence. The risks associated with these less-sophisticated, yet feature-packed malware utilities have been underscored through frequent use by advanced actors.

To download a full copy of the Q2 2016 Malware Review, click here

Connect with PhishMe Online

About PhishMe

PhishMe is the leading provider of human-focused phishing defense solutions for organizations concerned about their susceptibility to today’s top attack vector — spear phishing. PhishMe’s intelligence-driven platform turns employees into an active line of defense by enabling them to identify, report, and mitigate spear phishing, malware, and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organization’s security decision making process. PhishMe’s customers include the defense industrial base, energy, financial services, healthcare, and manufacturing industries, as well as other Global 1000 entities that understand changing user security behavior will improve security, aid incident response, and reduce the risk of compromise.


We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.

This site is registered on as a development site.