Home / Blogs

Malware Reach Is Expanding, Ransomware on the Rise

We live in an online age, one where malware infections have become commonplace. Some might say this is the price of doing business online. News headlines report damaging attacks on well-known brands with depressing regularity. Consumer confidence suffers as customers look to organizations to sort out the issue, secure their transactions and fix the problem.

But will it ever truly get sorted? Fraudsters are now so skilled in their knowledge of human nature—how and why a person will respond to social engineering lures—that malware is growing faster than organizations ability to respond to, never mind educating consumers about the latest attacks.

There’s no silver bullet. A malware attack is a complex, multi-layered organized infiltration of malicious software against a company or a consumer. Fraudsters are using ever more sophisticated malware to extract personal details, gain account access, and steal data. The most prevalent types of malware are:

Spyware – software allowing the fraudsters to quietly watch and steal data from key logging or print captures on your computer system or network without your knowledge.

Banking Trojans – also called “crimeware,” malicious software designed to steal credentials for the purpose of banking or credit card fraud.

Ransomware – malicious software that infiltrates your network or system and encrypts the data until a ransom is paid.

Remote Access Trojans (RATs) – similar to banking Trojans, RATs install backdoors to provide remote login to an infected system or network allowing the fraudster additional access and further options for fraudulent activity.

Within each type, there are individual malware families, or groups of malware software packages that are similar in attack methods and lifecycle.


Of the four common types of malware listed, ransomware has been growing fastest in popularity. In 2015 the FBI reported $18 million in losses from a particular ransomware family called “CryptoWall” that had generated 992 complaints in the previous 14 months with victims reporting losses of over $18 million.

CryptoWall, CryptoLocker, and Teslacrypt are all examples of ransomware. Sophisticated lures have expanded the breadth of ransomware attacks across multiple industries, including financial, medical, and manufacturing companies, as well as individual consumers. Often the ransom must be paid in Bitcoin so that it cannot be traced back to the fraudster. While not paying the ransom is most preferable, if a consumer or organization has not backed up their files recently, or if daily business functionality is stalled, paying the ransom often ends up being the simplest way to fix the problem.

For corporations, ransomware may be the most threatening form of malware because the fraudster takes control of their network until the ransom is paid. This can escalate to a full data breach resulting in identity theft, invoice fraud, and other malicious activity that uses harvested data. This biggest cost might well be the loss of consumer trust from a full data breach.

Preventive Measures

How do we prevent our companies or our families from falling prey to a malicious online attack? The key is in educating employees and customers about the types of threats, the social engineering tactics used, and how they typically fool people. Taking all necessary technical precautions is a basic requirement: back-up your files regularly, make sure your anti-virus software is active and regularly updated, and make sure you have web (browser) and email filtering turned on.

For further information on malware and how it can impact your business watch this webinar where I’m joined by Jack Johnson, from our Security Operations Center. We review the various types of malware that are currently impacting and disrupting businesses and discuss mitigation strategies and best practices to protect your business.

By Stefanie Ellis, Anti-Fraud Product Marketing Manager at MarkMonitor

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix

IPv4 Markets

Sponsored byIPv4.Global

Threat Intelligence

Sponsored byWhoisXML API


Sponsored byVerisign

Brand Protection

Sponsored byCSC