Ransomware is one of the most critical cybersecurity problems on the internet and possibly the most powerful form of cybercrime plaguing organizations today. It has rapidly become one of the most important and profitable malware families among Threat Actors (TAs). In a typical scenario, the ransomware infection starts with the TA gaining access to the target system. Depending on the type of ransomware, it can infect the entire operating system or encrypt individual files. The TAs will then typically demand payment from the victim for the decryption of their files.
Ransomware is an open-source type of malware which allows anyone to easily participate in the ransomware ecosystem. This gives TAs ultimate flexibility when crafting a campaign since they can easily change the delivery mechanism, encrypting algorithm, and payout conditions. The various types of ransomware are categorized based on how they infect their victims. However, there are multiple ways to infect end-users with ransomware.
We’re seeing an increased use of these malicious emails for various forms of ransomware campaigns due to their effectiveness and low cost.
Email-based attacks are not new; the first email phishing campaign was started in 1985 by Morris Worm. Since then, we’ve seen many different types of malware bring this concept to life.
Their mechanism is straightforward; attackers send an email containing a malicious file to their victims and entice them with a convincing message. The most common types of phishing emails are fake business emails, fake invoice emails, and links to malicious websites. In general, these emails will include some kind of attachment or link to a website that will initiate or trigger the attack.
Although email-based attacks have been around for decades, they still always succeed in compromising end users’ systems.
Source: AXLocker, Octocrypt, and Alice: Leading a new wave of Ransomware Campaigns - AlienVault - Open Threat Exchange