Virus peaks of over 40%!

by Stephane

Waves of massive ransomware attacks

We have specialized in e-mail protection for 13 years, and our gateways, such as Altospam, filter all families of viruses, spam, scams, phishing and advertisements. Eliminating spam and advertisements can be seen as a convenience for users, saving them time and letting them concentrate on their work. Virus filtering, on the other hand, has a direct impact on the security of your corporate network and the integrity of your information system.

That’s why we are constantly vigilant in eradicating viruses, malware and ransomware. The following analysis shows the recent evolution of the latter.

With the arrival of ransomware on a massive scale, the number of viruses present in e-mails is skyrocketing on attack days. While the ratio of the number of emails containing a virus to the total number of emails processed had for years been at an average of 0.35%, since mid-2015 and especially early 2016, the rate of viruses in emails has reached record highs.

[Graph: virus rate since 2005]

Below is a graph showing the average monthly rate of viruses in e-mails. Although this is only an average over the month, we can see that in February 2016 the rate exceeded 10%!

As a reminder, the first ransomware appeared in France in early 2014, with waves of CryptoWall in particular. Then, in July and October 2015, came two big waves of Dridex (article on the subject: https://www.altospam.com/actualite/2015/07/vagues-dattaques-facture-macro-word-virus-dridex/).

The curve below shows the daily rate of viruses received since July 2015. In February 2016 Locky made its appearance, peaking at over 40% of traffic (article on Locky: https://www.altospam.com/actualite/2016/03/locky-ransomware-rage-france-aux-etats-unis/). Petya followed in March.

[Graph: virus rate since 2015]

The graph below shows data from February to May 2016. It can be used to identify the genuine attacks. These “waves” of ransomware attacks are increasingly localized and hyper-concentrated. An unknown polymorphic virus is sent in a pre-prepared e-mail that follows a precise logic designed to make the recipient want to open it (invoice, order, fax, etc.). Because these viruses are polymorphic and spread very quickly, antivirus programs are less effective against them: they often take several hours to identify the virus, create a signature and distribute it.

We can see from this graph that the attacks are getting faster and faster, going from 4-5 days to 2 days, or even less than 24 hours for the last one. These are fast, massive attacks. Today, the general trend in viruses is towards concentrated attacks. It is therefore likely that ransomware will follow this trend and that attacks will become more targeted.

[Graph: virus rate in 2016]

In any case, it’s obvious that conventional antivirus software alone is no longer sufficient. Antivirus programs are still necessary, but they need to be complemented by other technologies that react more quickly to attacks.

That’s why, in addition to the 5 antivirus programs included, we’ve integrated technologies for detecting unknown viruses into Altospam. These technologies, including suspicious file detection, macro analysis, rejection of certain extensions, and ransomware-specific antispam analysis, are described in our article: Fortress anti-malware https://www.altospam.com/actualite/2014/02/la-forteresse-daltospam-les-malwares/
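
One way to implement two of the signature-independent checks listed above (rejection of certain extensions and detection of macros in Office attachments), as an added Python example that is not Altospam's own code. The extension blocklist, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumption: illustrative blocklist; the page does not say which extensions are rejected.
BLOCKED_EXT = {".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".hta", ".bat", ".cmd"}
OOXML_EXT = {".docx", ".docm", ".xlsx", ".xlsm", ".pptx", ".pptm"}
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of legacy .doc/.xls containers

def has_vba(data: bytes) -> bool:
    """True if an OOXML package carries a VBA project part (vbaProject.bin)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False

def screen(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for every attachment that should be held."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ext = PurePosixPath(name.lower()).suffix  # last extension: "x.pdf.js" -> ".js"
        data = part.get_payload(decode=True) or b""
        if ext in BLOCKED_EXT:
            findings.append((name, "blocked extension"))
        elif ext in OOXML_EXT and has_vba(data):
            findings.append((name, "Office document with VBA macros"))
        elif data.startswith(OLE2_MAGIC):
            findings.append((name, "legacy OLE2 document: route to macro analysis"))
    return findings

def sample_message() -> bytes:
    """Constructed sample: lure-style file names, harmless dummy bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/vbaProject.bin", b"\x00")
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    for name, data in [("invoice.pdf.js", b"// placeholder"),
                       ("order.docm", buf.getvalue()), ("notes.txt", b"hello")]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in screen(sample_message()):
        print(f"HOLD {name}: {reason}")
```

Neither check depends on a signature for the payload, so both apply from the first message of a wave.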

