Europol: Ransomware is far and away criminals’ favorite attack method

Highlighting incidents like the WannaCry and NotPetya ransomware outbreaks, officials point to the ease with which ransomware is monetized.
Europol, the EU's law enforcement agency, was in on the bust. (Europol)

For police tracking the cybercrime horse race, it’s clear that ransomware is pulling away.

While security incidents of all types continue at breakneck pace, a new report from the European Union’s law enforcement organization Europol pointed to ransomware as one of the easiest, most effective and common threats seen across the world.

“Ransomware has eclipsed most other cyberthreats with global campaigns indiscriminately affecting victims across multiple industries in both the public and private sectors,” Europol’s researchers wrote in the newly published 2017 Internet Organised Crime Threat Assessment (IOCTA). “Some attacks have targeted and affected critical national infrastructures at levels that could endanger lives. These attacks have highlighted how connectivity, poor digital hygiene standards and security practices can allow such a threat to quickly spread and expand the attack vector.”

The IOCTA, designed to provide guidance and recommendations to law enforcement and governments across the continent, tracked ransomware attacks in the last year and showed nearly every European Union member state reported a growing number of ransomware cases in 2017.


Highlighting incidents like the WannaCry and NotPetya ransomware outbreaks, officials point to the ease with which ransomware is monetized and the fact that virtually anyone with any data to their name can be a profitable target.

“The global impact of huge cybersecurity events such as the WannaCry ransomware epidemic has taken the threat from cybercrime to another level,” Europol’s chief Rob Wainwright said.

Cryptocurrencies — Bitcoin in particular — are a factor in ransomware hackers’ success, the law enforcement officials said. National police reported seeing street level drug dealers converting Euros to cryptocurrency.

“Victims are atypical from the usual financial targets, and include entities such as hospitals, law enforcement agencies, and government departments and services,” Europol’s researchers wrote. “While the public also continues to be targeted, small to medium enterprises, who often lack the resources to fully safeguard their data and networks, are also key targets.”

It’s not all doom and gloom. On the ransomware front, IOCTA asserts that the headline-making ransomware outbreaks of 2017 did create awareness and push security personnel to adjust for the threat.


Europol also reported on turmoil in the exploit kit market, leading to a decline in usage. Exploit kits are criminal software products that focus on a target, identify vulnerabilities and then upload and execute malware. Well-known exploit brands crashed over the last two years, including the group suspected of creating the Lurk malware.

Lurk’s members were arrested by Russian police in 2016 and 2017.

The Angler exploit kit, long a market leader, died around the same time as the Lurk arrests, raising questions that were answered by a Kaspersky report that confirmed the connection. The market leaders today include RIG, Sundown and Magnitude, but they have failed to make a similar impact.

With that option less attractive, Europol reported, malware developers now rely on phishing, spam botnets, social engineering and other infection methods.

Latest Podcasts