
Stop Even the Nastiest Malware automatically
Want to protect your business from both known and never-before-seen threats while saving time and money in the process?
Start with Webroot® Business Endpoint Protection.

The 10 Nastiest Malware Variants of 2019
Botnets

#1 Emotet
Emotet, the most prevalent malware of 2018, held onto that notorious distinction into 2019. While it was briefly shut down in June, Emotet returned from the dead in September of this year. It remains the largest botnet to date, delivering various malicious payloads.

#2 Trickbot
Trickbot has been partnering with banking Trojan groups like IcedID and Ursnif in 2019. Its modular infrastructure makes it a serious threat for any network it infects and, when combined with Ryuk ransomware, it’s one of the more devastating targeted attacks of 2019.

#3 Dridex
Dridex was once one of the most prominent banking trojans. Now it acts as an implant in the infection chain with the Bitpaymer ransomware (see below) and is achieving alarming success.
Ransomware

#1 Ryuk
Emotet, Trickbot, and Ryuk, with one leading to the next, make up the most frightening ransomware triple threat. In terms of financial damage, this is probably the most successful chain of 2019. Ryuk infections, typically delivered by Trickbot, then resulted in mass encryption of entire networks.

#2 BitPaymer
Dridex is now being used as an implant in the Bitpaymer ransomware infection chain. We have observed Bitpaymer also delivered as a second-stage payload following Emotet.

#3 GandCrab
GandCrab is one of the most successful examples of ransomware-as-a-service (RaaS) to date, with profits in excess of $2 billion. We believe they are closely tied to the Sodinokibi/REvil ransomware variant.

#4 Sodinokibi
Sodinokibi/REvil arose after the retirement of GandCrab. Many of their affiliates seem to be having decent success targeting MSPs.

#5 Crysis (a.k.a. Dharma)
Crysis makes its second consecutive appearance on our Nastiest Malware list. This ransomware was actively distributed in the first half of 2019, with almost all infections we observed distributed through RDP compromise.
Cryptojacking & Cryptomining

#1 Hidden Bee
Hidden Bee is an interesting exploit delivering cryptomining payloads. First seen last year with Internet Explorer exploits, it has now evolved to hide its payloads inside JPEG and PNG images through steganography, as well as in WAV media files and Flash exploits.

#2 Retadup
Retadup was a cryptomining worm with over 850,000 infections. It was removed in August by the Cybercrime Fighting Center (C3N) of the French National Gendarmerie when they took control of the malware’s command and control server.
Purpose-Built for Business
Webroot is designed to help you grow your business. How? By keeping your clients safe and saving you time and money in the process.
Want to learn more? Start with Webroot® Business Endpoint Protection.
