Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Don’t open that! 93 percent of phishing emails are now ransomware

history of malware ransomware
Image used with permission by copyright holder
A new report suggests as much as 93 percent of all phishing emails that look to trick users into clicking a nefarious link or open a dangerous attachment, attempt to install ransomware on the user’s system. This suggests that the practice of encrypting files and demanding a ransom proves to be the most profitable way to scam PC users into giving up some coin.

This data comes out of threat management company PhishMe, which noted that phishing attacks riddled with ransomware have gone up from 56 percent of the total attacks in December 2015, to this new height just over six months later. That’s a huge increase, and shows that the malware trend is moving in one very specific direction.

But why? Adware, spyware, and other forms of nasty software have been prevalent for the better part of two decades. Why the sudden switch to this new attack format?

Protect all your hardware with Norton Security Premium

Mainly it’s because ransomware is easy. If a user pays up, you have money instantly. With stolen details they need to be sold, or credit cards used, which could potentially reveal the hacker. Ransomware is safer for them, and faster.

“If you look at the price point of paying the ransom, it is rarely more than 1 or 2 bitcoin, that’s $400 to $800, maybe $1,000 depending on the exchange rate,” said Brendan Griffin, a threat intelligence manager at PhishMe. “That’s a relatively low price point for a small to medium business.”

That’s a key point of this report too, that businesses are being targeted more by ransomware attacks. While there might be more of an emotional tie to documents and data with personal users, there is always a chance that they don’t have the technical know how to acquire the bitcoin usually required for payment. They are also less likely to have the funds to comply.

When it comes to most businesses though, a couple of bitcoins is a drop in the bucket. Ironically, it’s probably cheaper to just pay up (if indeed the files are returned to a working state) than it would be to pay someone to recover them from a back up or other means.

The report also suggests that ransomware is becoming easier to manage and distribute too, with ready-made kits allowing even those with little programming knowledge the chance to send out file-encrypting programs into the wild. Perhaps that’s why we’ve even seen some groups trying to recruit new “affiliates” for their scams.

This ease of use is leading to a more varied use of the nefarious technology too. Those behind it are trying “soft-targeted” phishing scams according to CSOOnline. This involves a blending of direct targeted email, using specific markers for a person such as their name or job title, but without trying too hard to appeal, which would perhaps set off someone more wary.

Unfortunately there aren’t any great methods of dealing with a ransomware attack just yet. Paying up is a bad idea, as it just encourages the practice. Our best suggestion would be to just back up everything important to you several times. It’s the only way to be secure from such an attack.

Editors' Recommendations

Jon Martindale
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…
You don’t have to use Bing – Google Search has AI now, too
Google Search Experience gives an overview with links and images.

Google Search Experience gives an overview with links and images. Google

Google is rolling out big changes to its top product, Google Search, adding generative AI capabilities. That means you don't have to switch to Bing to get a more helpful AI-enhanced search.

Read more
Microsoft, please don’t screw up the Asus ROG Ally
Asus ROG Ally on a purple background.

I'm excited about Asus' upcoming ROG Ally gaming handheld, and mainly for one reason: Windows 11. The device comes with a spec bump over the Steam Deck, and I won't argue with RGB lighting around my thumbsticks, but Windows is what makes the ROG Ally truly stand out.

With Windows, you don't have to worry about a verification program to play your games -- even if Valve has handled the Steam Deck Verified program very well -- and you can access other app stores. And, of course, there's Xbox Game Pass.

Read more
Nvidia finally made a tiny RTX 4000 graphics card (but you probably don’t want it)
RTX 4000 SFF going into a PC case.

After months of massive graphics cards like the RTX 4090, Nvidia is finally slimming things down at its GPU Technology Conference (GTC). The RTX 4000 SFF delivers the Ada Lovelace architecture in a tiny package, but you probably won't find it sitting among the best graphics cards.

Although the RTX 4000 SFF uses the same architecture in gaming GPUs like the RTX 4080, it's built for a very different purpose. It uses Nvidia enterprise drivers, and it's made to power computer-aided design (CAD), graphics design, AI applications, and software development, according to Nvidia. The card takes up two slots and includes a low-profile bracket for cases like the Hyte Y40.

Read more