Despite increased law enforcement pressure on the ransomware industry and an IT community that has never been more aware of the ransomware threat, ransomware detections had already doubled the total number of detections for all of 2021 in just the first quarter, according to a new report from WatchGuard Technologies.
The cybersecurity firm’s researchers say it detected 2,365 ransomware attacks in the first quarter of 2022, a massive increase from the previous year’s first quarter, when the company detected just 848 ransomware attacks.
Further, the total ransomware detections in the first quarter were more than all of 2021, when WatchGuard detected 1,313 ransomware attacks. That’s good for an 80% increase from the previous year and more than triple quarter-over-quarter.
In a statement, the company’s Chief Security Officer Corey Nachreiner said 2022 should break the record for annual ransomware detections.
“We continue to urge companies to not only commit to implementing simple but critically important measures but also to adopt a true unified security approach that can adapt quickly and efficiently to growing and evolving threats,” he said.
WatchGuard’s Internet Security Report for the first quarter also touches on Log4Shell, the remote code execution vulnerability in Log4J that sent IT and security teams scrambling late last year to find and remediate the bug in thousands of software products.
According to WatchGuard, the exploit was heavily targeted in the first quarter, with the vulnerability now considered a top 10 network attack.
In addition, the company says the notorious botnet Emotet is alive and well despite global law enforcement action. Emotet now accounts for three of the top 10 malware detections, and is the most widespread malware, according to Watchguard.
“The basics of how Emotet operates hasn’t changed,” researchers wrote in the report. “It still turns the victim’s computer into a bot where the command-and-control server has complete control.”
However, WatchGuard researchers discovered malware samples related to Emotet that can spread via a USB drive or by a Windows shortcut ‒ .lnk files that contained embedded VBScript.
While PowerShell is a very useful tool to help IT professionals automate certain processes, it is being leveraged in attacks at an alarming rate, including to download and run malware. Scripting was used in 88% of all detections, with PowerShell responsible for 99.6% of script detections in the first quarter, according to WatchGuard’s analysis.
This suggests that threat actors are utilizing more legitimate tools to hide their activity, the company’s report says.