by | Oct 14, 2022 | Threat Lab
Reading Time: ~ 2 min.
For the past year, hackers have been following close behind businesses and families just waiting for the right time to strike. In other words, 2022 has been an eventful year in the threat landscape, with malware continuing to take center stage.
The 6 Nastiest Malware of 2022
Since the mainstreaming of ransomware payloads and the adoption of cryptocurrencies that facilitate untraceable payments, malicious actors have been innovating new methods and tactics to evade the latest defenses. 2022 was no different.
The ransomware double extortion tactic continues to wreak havoc, with ransomware attackers threating to both steal your data and also leak it if you don’t pay up. But this year also saw the onset of the triple extortion method – with this type of attack, hackers threaten to steal your data, leak it and then also execute DDoS attack if you don’t pay up. As a result, many organizations are shifting away from cyber insurance and adopting layered defenses in an effort to achieve cyber resilience.
Ransom payments continued to balloon – last year at this time the average was just below $150,000 but it now stands close to $225,000 (that’s increasing faster than the rate of inflation, for those counting at home!).
In bad news (as if we needed more), malicious actors seem to have settled on a favorite target: small and medium sized businesses. Large-scale attacks make headlines, but hackers have found that smaller environments make for easier targets.
But it’s not all bad news… after all, the first step in defeating your enemy is to learn their tactics. Our researchers have been hard at work uncovering the worst offenders to better build defenses against them. With that, here are the 6 Nastiest Malware of 2022.
Here are this year’s wicked winners
Emotet
- Persisting botnet with cryptomining payload and more
- Infects via emails, brute force, exploits and more
- Removes competing malware, ensuring they’re the only infection
Lockbit
- The year’s most successful ransomware group
- Introduced the triple extortion method – encryption + data leak + DDOS attack
- Accept payments in two untraceable cryptocurrencies Monero and Zcash as well as Bitcoin
Conti
- Longstanding ransomware group also known as Ryuk and a favorite payload of trickbot
- Shutdown attempts by US gov have made them rebrand into other operations such as Hive, BlackCat, BlackByte, and AvosLockerWill leak or auction off your data if you don’t pay the ransom
Qbot
- The oldest info stealing trojan still in operation
- Works to infect an entire environment to ‘case the joint’ before its final stage
- Creates ransomware Voltrons through partnerships with Conti, ProLock and Egregor
Valyria
- Malspam botnet that starts with email attachments containing malicious scripts
- Known for their complex payloads that can overwhelm defenses and evade detection
- Partners with Emotet to create a two-headed monster
Cobalt Strike / Brute Ratel
- White hat designed pen testing tool, that’s been corrupted and used for evil.
- Very powerful features like process injection, privilege escalation, and credential harvesting.
- The customizability and scalability are just too GOOD not to be abused by BAD actors
Protect yourself and your business
The key to staying safe is a layered approach to cybersecurity backed up by a cyber resilience strategy. Here are tips from our experts.
Strategies for business continuity
- Lock down Remote Desktop Protocols (RDP)
- Educate end users
- Install reputable cybersecurity software
- Set up a strong backup and disaster recovery plan
Strategies for individuals
- Develop a healthy dose of suspicion toward messages
- Protect devices with antivirus and data with a VPN
- Keep your antivirus software and other apps up to date
- Use a secure cloud backup with immutable copies
- Create strong, unique passwords (and don’t reuse them across accounts)
- If a download asks to enable macros, DON’T DO IT
About the Author
Tyler Moffitt
Sr. Security Analyst
Tyler Moffitt is a Sr. Security Analyst who stays deeply immersed within the world of malware and antimalware. He is focused on improving the customer experience through his work directly with malware samples, creating antimalware intelligence, writing blogs, and testing in-house tools.