Cofense Logo - Email Security Solutions

Ransomware Leads in Growth and Impact While Hackers Remain Committed to Data Theft

Share Now


PhishMe’s 2016 Malware Year in Review analysis shows fast growth of Ransomware while hackers continue to quietly attempt to steal data

LEESBURG, VA – March 14, 2017: PhishMe Inc., the leading provider of human phishing defense solutions, today released findings showing that while Ransomware delivered the greatest impact and growth in 2016, threat actors continue to attempt data breaches and theft.

Published today, PhishMe’s 2016 Malware Year in Review identified four major trends that resulted from the evolution of the phishing threat landscape:

  • Ransomware delivers fastest growth, biggest impact: While ransomware reached high levels of maturity showing triple-digit growth in 2016.
  • Data theft goals: PhishMe showed that a large portion of phishing attacks recorded in 2016 continues to deliver more traditional malware varieties, such as information stealers, remote access trojans or keyloggers in pursuit of corporate and financial data theft.
  • Bypassing technology with obfuscation techniques: During 2016, cyber criminals ramped up anti-analysis techniques designed to overcome controls used to prevent cyberattacks.
  • Malware delivery: Lightweight scripts overtook other malware delivery tools in proportion of usage, including Office Macro documents.

“While the spread of ransomware tools dominated industry discussions in 2016, threat actors remained committed to their tried-and-true techniques,” explained PhishMe Co-founder and Chief Technology Officer Aaron Higbee. “In addition to focusing on the ‘smash and grab’ of ransomware, threat actors also continue to quietly infiltrate the target’s environment, thus making it increasingly important to detect malware during the delivery phase. This challenges the traditional sense of malware hunting, making it even more necessary to lay a phishing defense program at the core of any security strategy.”

During the past year, PhishMe Intelligence and Research teams analyzed over 2,500 phishing attacks to map the various tools, tactics and techniques implemented and deployed by cybercriminals. Data showed the use of malware designed to steal private information remains a focus even as the use of popular encryption ransomware, such as Locky, Creber and TeslaCrypt grew quickly. While ransomware’s popularity garnered the most attention throughout the year, the prevalence of so-called “quiet malware,” allowing threat actors to carry out long-term operations without interacting with the victim remains a vital threat. Laying in wait will allow ransomware authors to assess the victim’s ability to pay, and adjust ransom amounts to maximize profits.

The research highlights the deeper development of anti-analysis and obfuscation techniques designed to circumvent traditional technology protections an trends with threat actors moving away from cumbersome delivery techniques with the use of highly adaptable delivery tools.

“The switch to much simpler and leaner delivery utilities has once again demonstrated how technology alone is unable to provide adequate levels of security for any organization,” Higbee continued. “As threat actors continue to alter their techniques to circumnavigate modern security filters, a different approach in security is needed to prevent cyberattacks from unfolding. Organizations must work toward building a sound phishing defense program that empowers its staff to spot and report suspicious-looking correspondence before it is too late.”

For more detailed information on the report, please attend PhishMe’s webinar on Tuesday, March 14th entitled, “2016 Malware Year in Review: Tricks, Threats, and Triumphs”.

To download a full copy of the 2016 Yearly Malware Review, click here.

Connect with PhishMe Online

About PhishMe

PhishMe is the leading provider of human-focused phishing defense solutions for organizations concerned about their susceptibility to today’s top attack vector — spear phishing. PhishMe’s intelligence-driven platform turns employees into an active line of defense by enabling them to identify, report and mitigate spear phishing, malware and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organization’s security decision-making process. PhishMe’s customers include the defense industrial base, energy, financial services, healthcare and manufacturing industries, as well as other Global 1000 entities that understand how changing user security behavior will improve security, aid incident response and reduce the risk of compromise.


We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.

This site is registered on as a development site.