These were the worst malware strains of 2019

(Image credit: Pixabay)

Webroot has released its third annual Nastiest Malware list highlighting 2019's worst cybersecurity threats and the fact that consumers and businesses alike need to take cybersecurity education more seriously.

Ransomware campaigns continued to see success this year by evolving to a more targeted model initially adopted in previous years and SMBs remain a prime target as they struggle with limited security budgets and cybersecurity skills.

Emotet, Trickbot and Ryuk was one of the most successful chains of 2019 in terms of financial damages. These malware strains have shifted their focus to more reconnaissance-based operation in which they assign a value to a targeted network after it has been infected and then send the ransom for that amount after moving laterally inside the network.

Gandcrab was the most successful instance of ransomware as a service to date and its authors have boasted shared profits in excess of $2bn. However, after Gandcrab's authors retired, Sodinokibi (Sodin/REvil) rose to take its place.

Back for its second year on the Nastiest Malware list, the Crysis/Dharma ransomware was actively distributed during the first half of 2019 and it was distributed through RDP compromise.

Phishing and botnets

Email-based malware campaigns increased dramatically in both complexity and believeability in 2019. Phishing campaigns also became more personalized and sextortion emails became quite popular as well.

When it comes to phishing, company impersonation posed a huge threat to businesses as cybercriminals would pretend to be from legitimate companies in order to have employees open their emails. Business email compromise (BEC) attacks were used to target individuals responsible for sending payments and cybercriminals used spoof email accounts or impersonated company executives to prey on unsuspecting victims.

According to Webroot, botnets remained a dominant force in the infection attack chain and no other type of malware was able to deliver more payloads of ransomware or cryptomining.

Emotet was the most prevalent malware of 2018 and it continued its dominance in 2019. Despite a brief shutdown in June, Emotet resurfaced in September as the largest botnet delivering various malicious payloads. Trickbot was also a major threat and its modular infrastructure makes it difficult to remove on any network it infects. Combining this botnet with the Ryuk ransomware made for one of the most devastating targeted attacks of 2019. Dridex was once considered one of the most prominent banking Trojans but is now used as an implant in the infection chain alongside the Bitpaymer ransomware.

Security analyst at Webroot, Tyler Moffit provided further insight on this year's Nastiest Malware list, saying:

"It comes as no surprise that we continue to see cybercriminals evolve their tactics. They may be using the same strains of malware, but they are making better use of the immense volume of stolen personal information available to craft more convincing targeted attacks. Consumers and organizations need to adopt a layered security approach and not underestimate the power of consistent security training as they work to improve their cyber resiliency and protection."

TOPICS
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 16 (game #1147)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 16 (game #378)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 16 (game #644)
Three iPhone 16 handsets on show
Apple could launch an iPhone 17 Ultra this year – but we've heard these rumors before
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough