Today's Hottest Threats


After comparably mild levels of Ransomware during ICSA Labs' Q1 2017 and Q2 2017 advanced threat defense (ATD) testing periods, the amount of archive-based Ransomware received into ICSA Labs’ spam honeypot reached its second highest quarterly level since ICSA Labs began recording this menace 2 years earlier in mid-to-late 2015.  The figure below indicates that an average of over 39,000 spam messages with attached Ransomware archives were received each day by ICSA Labs’ spam honeypots during the Q3 2017 testing period.  This represents a 1,784% jump in the average daily number of received archive-based Ransomware as compared to the levels seen during the Q2 2017 ATD testing period.  

As one might expect, many Ransomware samples were part of the Q3 2017 ATD test set. Fortinet's ATP Solution, Kaspersky's KATA solution, and Trend Micro's DDI/DDEI detected all or nearly all of these malicious threats.   The most prevalent types of Ransomware seen during the Q3 ATD test cycle were Ergop and Locky.  Other malicious Ransomware in the test set included Betisrypt, Cerber, Genasom, LockScreen, Mytreex, Reyptson, Septrypt, Spora, and Troldesh samples. 

Average # ZIP Archives/Day

Related to the subject of archives with Ransomware in Q3 2017 but outside the time period for ATD testing, ICSA Labs is also tracking a veritable explosion of 7-Zip archives with Ransomware.  The preponderance of these 7-Zip archives containing malicious scripts were received in the ICSA Labs spam honeypot during the final two months of Q3 2017 as seen in the Figure below.


Average # ZIP Archives/Day