As reported in the press, Ransomware was hot in 2016. That rings true for, and is reflected in, ICSA Labs' standard ATD and ATD-Email testing. Received spam emails* with Ransomware numbered upwards of 30,000 per day in both the Q2 and Q3 2016 test cycles and nearly 70,000 per day in the Q4 2016 test cycle.
Comparing the quantity of Ransomware received in late 2015 and early 2016 to the amount received in both Q2 and Q3 2016 reveals an approximately 12,000% increase in received malicious Ransomware threats! If Ransomware was big in Q2 and Q3 2016, it was especially prevalent in Q4 2016. Roughly 68,000 per day, or more than double the previous quarters' per-day average, were received throughout the Q4 test cycle, many of which were harvested, used (if new enough) or adapted for use in testing.
The chart above mentions ZIP archives because Ransomware is often delivered in an archive such as a ZIP file. Security researchers often discover a .js file (the Ransomware), either alone or accompanied by another file, inside the ZIP archive attached to the spam email message.
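A mail-gateway check for the delivery pattern described above, as an added example that is not ICSA Labs' code: it lists script files inside ZIP attachments without extracting them. The function names, the sample message and every extension other than .js are assumptions made for this example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# .js is the extension the post names; the other Windows script types are an
# assumption added for this example.
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs", ".vbe", ".hta")


def script_members(raw_message: bytes):
    """Return (attachment name, member name) for scripts inside ZIP attachments."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        # Decide by content: the filename and MIME type are sender-controlled.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # Only the archive's directory is read; nothing is extracted.
                for info in zf.infolist():
                    name = info.filename.lower().rstrip(". ")
                    if name.endswith(SCRIPT_EXTS):
                        hits.append((part.get_filename(), info.filename))
        except zipfile.BadZipFile:
            # A damaged archive cannot be inspected, so flag it for review.
            hits.append((part.get_filename(), "<unreadable archive>"))
    return hits


def build_sample(member_names):
    """Constructed sample: one ZIP attachment holding harmless text files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in member_names:
            zf.writestr(name, "// harmless placeholder\n")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "honeypot@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(script_members(build_sample(["invoice_8841.js", "readme.txt"])))
```

A hit is a signal to quarantine or detonate the attachment in a sandbox; password-protected archives still expose member names this way unless the directory itself is encrypted.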
What will the hottest threats be next quarter following another cycle of standard Advanced Threat Defense (ATD) and ATD-Email certification testing? Check back to find out. In the meantime, see if your security provider has had its ATD solution and ATD-Email solution tested and certified. If not, contact your ATD provider and ask them to participate in ICSA Labs' quarterly ATD and ATD-Email certification testing, which uses the latest new and little-known threats typically missed by traditional security products.
* One of the malicious threat sources for standard ATD as well as ATD-Email testing is ICSA Labs' spam email honeypot.