August 22, 2017

Kaspersky Lab Reports Q2 Spammers Used WannaCry Epidemics to Promote Fraudulent Services

Woburn, MA – August 22, 2017 – Kaspersky Lab today announced its “Spam and phishing in Q2 2017” report, which found cybercriminals involved in spam distribution tried to capitalize on public fears of the WannaCry ransomware epidemic with spam and phishing emails.

Woburn, MA – August 22, 2017Kaspersky Lab today announced its “Spam and phishing in Q2 2017” report, which found cybercriminals involved in spam distribution tried to capitalize on public fears of the WannaCry ransomware epidemic with spam and phishing emails. Also during the quarter, there was an increased amount of mass mailings targeting corporate networks and mass mailings of malicious Trojans.

The WannaCry ransomware attack affected more than 200,000 computers across the globe, resulting in massive panic, and spammers instantly capitalized on the opportunity. Researchers detected a large amount of spam messages offering services such as protection from WannaCry attacks, data recovery, and, moreover, educational workshops and courses for users. In addition, spammers successfully implemented a traditional scheme of fraudulent offers to install software updates on affected computers, which instead redirected people to phishing pages aimed to steal the personal data of victims.

Another top trend reported in the second quarter is the number of mass mailings targeted at corporate networks. Based on Kaspersky Lab research, these have expanded since the beginning of the year. Spammers began to widely disguise malicious mailings as corporate correspondence, by using the identities of corporate mail services, including real signatures, logos and even banking information. In archives attached to the email, cybercriminals sent out exploit packages targeted at stealing FTP, email and other passwords. Kaspersky Lab experts highlight in the report that most attacks on the corporate sector have financial goals.

In addition, researchers detected a growth in number of mass mailings with malicious Trojans, sent on behalf of international delivery services. Spammers were sending shipping reports with information about non-existent parcel deliveries. With the aim to infect computers or to steal personal credentials, criminals were found spreading download links with malware, including the banking Trojan Emotet, which was first detected back in 2014. Overall, the volume of malicious mass mailings have increased by 17 percent, according to the report.


The number of email antivirus detections, Q1 2017 vs Q2 2017

“During the second quarter of the year, we have seen that the main trends in spam and phishing attacks have continued to grow,” said Darya Gudkova, spam analyst expert at Kaspersky Lab. “The use of WannaCry in mass mailings proves that cybercriminals are very attentive and reactive to international events. Moreover, cybercriminals have started to focus more on the B2B sector, seeing it as lucrative. We expect this tendency will continue to grow, and the overall amount of corporate attacks, and their variety, will expand.”

Other important trends and statistics in Q2, highlighted by Kaspersky Lab researchers, include the following:

  • The average amount of spam has increased up to 56.97%. Vietnam became the most popular source of spam, overtaking the U.S. and China. The top 10 countries include Russia, Brazil, France, Iran and the Netherlands.
  • The Necurs botnet is still active. However, the experts spotted a decrease in the volume of spam sent from this botnet, and its instability.
  • The country most targeted by malicious mailshots was Germany. The leader of the previous period, China, came second, followed by U.K., Japan and Russia. Other popular targets include Brazil, Italy, Vietnam, France and the U.S.
  • The Kaspersky Lab Anti-Phishing system was triggered 46,557,343 times on the computers of Kaspersky Lab users. The largest percentage of affected users were in Brazil (18.09%). Overall, 8.26% unique users of Kaspersky Lab products worldwide were attacked by phishing.
  • As in Q1, the main targets of phishing attacks remained the same and were primarily from the financial sector: banks, payments services and online stores.

Read more about spam and phishing in Q2 2017 on

Kaspersky Lab recommends home users install a reliable secure solution to detect and block spam and phishing attacks, such as Kaspersky Total Security.

Businesses are recommended to use security solutions with a dedicated functionality aimed at malicious attachments and spam. Small businesses can protect themselves with Kaspersky Small Office Security, Kaspersky Endpoint Security Cloud which spots and blocks emails with spam.

Larger companies can benefit from real-time cloud-assisted anti-spam scanning of all messages on Microsoft® Exchange and Linux-based email servers — with the Kaspersky Security for Mail Server application included with Kaspersky Total Security for Business.

About Kaspersky Lab

Kaspersky Lab is a global cybersecurity company celebrating its 20 year anniversary in 2017. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at

For the latest in-depth information on security threat issues and trends, please visit:

Securelist | Information about Viruses, Hackers and Spam
Follow @Securelist on Twitter

Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter

Media Contact
Sarah Kitsos

Articles related to Virus News