Ransomware Attacks Spiked in First Half of 2018, SonicWall Reports

SonicWall's mid-year 2018 cyber-threat report reveals that there has been a 229 percent increase in ransomware attacks so far this year.


The first half of 2018 has seen a resurgence in ransomware attacks, according to SonicWall's mid-year 2018 cyber-threat report released on July 10.

For the first six months of 2018, SonicWall reported that it found 5.99 billion malware attacks, which is a 102 percent increase over the first six months of 2017. Of particular note is a 229 percent year-over-year increase in ransomware attacks, with 181.5 million attacks since January.

"We have seen an overall increase in Cerber family ransomware attacks in the first half of 2018," Alex Dubrovsky, vice president of software engineering and threat research at SonicWall, told eWEEK. "We have also observed a few select strategic network locations targeted by Wannacrypt variants at a very high volume."

Wannacrypt, which is also known as WannaCry, first struck systems around the world in May 2017 and has remained an issue ever since. With ransomware, malware encrypts user data and then holds it for ransom until the victim pays.

Ransomware isn't the only use of encryption by attackers. SonicWall noted that overall the use of encryption for data in transit using SSL/TLS for both legitimate traffic and cyber-attacks has grown to 69.7 percent, up from 68 percent in 2017. Looking specifically at attacks that make use of encryption, SonicWall reported a 275 percent increase in the first half of 2018.

Meltdown and Spectre

Among the biggest security stories in the first half of 2018 was the emergence of the Meltdown and Spectre vulnerabilities that impact multiple CPU vendors. Meltdown and Spectre help to enable side-channel attacks that can abuse system memory in order to steal user information. SonicWall now claims that its Real-Time Deep Memory Inspection (RTDMI) technology will protect enterprises against Spectre attacks. Even though Meltdown and Spectre have received a lot of attention from researchers, attackers haven't used the vulnerabilities yet.

"Outside of existing research PoCs (Proof of Concept), SonicWall has not yet detected any custom malicious exploits in the wild targeting processor-based vulnerabilities like Spectre or Meltdown," Dubrovsky said.

While SonicWall is not yet seeing any specific Meltdown or Spectre attacks, its RTDMI is in fact seeing a growing number of advanced memory attacks. In the first half of 2018, SonicWall reported that its RTDMI technology detected 12,300 attacks that were not detected by any other technology.

"At the time of detection by RTDMI engine, these attacks were not detected by other third party dynamic analysis solutions and either were not present or not detected in a well-known anti-virus engine aggregator which runs more than 60 anti-virus engines from different 3rd party security vendors," Dubrovsky said. "The malware samples mostly consisted of executables, MS Office, PDF, script-based, Java and APK (Android) delivery vector types."

Looking forward to the second half of 2018, Dubrovsky said that SonicWall expects to see a continued increase in ransomware as well as malicious activities relating to stealing crypto-currencies.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.