EXECUTIVE SUMMARY:

The Global Threat Impact Index reports on the top 10 most prevalent malware attacks globally. The index has been published monthly since November 2016, and Locky has never made the list. Until now.

Check Point data shows a huge spike in worldwide Locky attacks for the month of September, impacting 11.5 percent of organizations in just one month. The malware first appeared on the scene in February 2016 and spread rapidly through a network of spam emails that pushed through a malware downloader disguised as a Word or Zip attachment. September’s activity shot Locky up 25 places on the index to come in just behind RoughTed, which has claimed top position since June of this year.

Below are the current Top 10 ‘Most Wanted’ Malware, according to the index:
Note: The arrows relate to the change in rank compared to the previous month.

  1. ↔ RoughTed – Large-scale malvertising used to deliver malicious websites, scams, adware, exploit kits, and ransomware. It can attack any type of platform and operating system, and utilizes ad-blocker bypassing and fingerprinting to deliver the most relevant attack.
  2. ↑ Locky – Ransomware that spreads via spam emails containing a downloader disguised as a Word or Zip attachment. It downloads and installs malware that encrypts user files.
  3. ↓ Globeimposter – A variant of the Globe ransomware, which encrypts files and uses a ‘.crypt’ extension. It was discovered in May 2017, and is distributed by spam campaigns, malvertising, and exploit kits.
  4. ↑ Conficker – A worm that allows remote operations and malware download. The infected machine is controlled by a botnet that contacts its Command & Control server to receive instructions.
  5. ↓ Fireball – A browser hijacker that can be turned into a fully functioning malware downloader. It can execute any code on victim machines, resulting in a wide range of actions from stealing credentials to dropping additional malware.
  6. ↔ Pushdo – A trojan that infects systems and then downloads the Cutwail spam module. It can also install additional third-party malware.
  7. ↔ Zeus – A banking trojan that uses man-in-the-browser keystroke logging and form grabbing to steal banking information.
  8. ↑ Rig EK – An exploit kit that takes advantage of vulnerabilities in Flash, Java, Silverlight, and Internet Explorer. Victims are redirected to a landing page that contains JavaScript, which then checks for vulnerable plug-ins and delivers the exploit.
  9. ↓ Ramnit – A banking trojan that steals banking credentials, FTP passwords, session cookies, and personal data.
  10. ↑ Necurs – A botnet used to spread ransomware and banking trojans by spam emails.

Read the full report on September’s Most Wanted Malware on the Check Point blog.