Webroot has collated some of the worst malware around and highlighted what it is that unites them.
The battle between big tech and big criminals is a constantly waged war. But the cybersecurity threats we have to tackle in our day-to-day lives online are becoming nastier, according to one analysis of malware that’s spread throughout 2021.
“2021 has been a year full of change, with lockdowns lifting and life slowly getting back to some kind of normal,” says Kelvin Murray, senior threat analyst at Webroot, which analysed the range of malware circulating online throughout the year so far.
“But what hasn’t changed is cybercriminals still looking for new ways to scam struggling businesses and customers.”
Webroot has collated some of the worst malware around and highlighted what it is that unites them – and what it sees as some of the most challenging, concerning and malicious malware that you can find around your tour of the internet.
Extortion is a new normal
Ransomware extortion has evolved from a trend into a new normal, Webroot has declared. Based on its analysis, the company believes every major ransomware campaign is now running the double extortion method - not just locking up vital files and demanding payment to release them, but also leaking data in the most damaging way if a ransom settlement is not reached. However, the average ransom payment has dropped from $200,000 last year to just below $150,000 now.
Phishing is also a worry that continues to concern Webroot.
“You just need to stake a vampire, cut off the head of a zombie or train users not to click on these phishing lures or to enable macros from the attachments – these methods are proven in stopping these creatures (and malware) in their tracks,” says Webroot.
However, there are other, more nefarious malware strains that Webroot has spotted in its tour of the internet. Among the strains in the 2021 hall of infamy is LemonDuck, a well-known botnet and cryptomining payload. In 2021, LemonDuck saw new features added that allowed its controllers to steal credentials, remove security protocols and, most concerning of all, drop more tools onto affected devices for follow-up attacks.
Worst malware strains
LemonDuck is so horrific because it wants to be the single strain of malware that infects a machine, taking down any other malware that exists on a device. It also mines XMR (Monero) because its hashing algorithm is the friendliest for consumer-grade hardware and therefore earns the most profit for cybercriminals. But LemonDuck isn’t alone in worrying Webroot.
REvil is one of the best-known bits of malware, and is on Webroot’s list of worries.
Trickbot is another strain of malware that the company is concerned about: it managed to survive attacks on the botnet launched by the US Department of Defense, Microsoft and others that almost destroyed it.
There’s also Dridex, a popular banking trojan and infostealer that has been linked to the Bitpaymer, Doppelpaymer and Grief ransomware strains. Previously, Dridex was dropped onto machines through Emotet, but since Emotet was shut down, it now runs its own campaigns. Just like Trickbot, says Webroot, Dridex takes its time gathering credentials until it gains full control. From there, its operators can do the most damage while preventing mitigation strategies from shutting them down.
What should worried businesses do?
“Businesses need to be aware of the ever-growing number of vulnerabilities and the type of cybersecurity threats being leveraged at any given time,” says Murray.
“We recommend all organisations have multi-layered security strategies in place to maintain trust and protect reputations, and cybersecurity budgets must remain a top priority as cybercriminals continue to increase their resources. Data protection should be front and centre and integrated into every aspect of any robust cyber resilience strategy, as opposed to simply being viewed as a box-ticking exercise.”