IBM’s Security Intelligence has published an article discussing the evolution of banking Trojans, which began a little over a decade ago with the Zeus commercial banking Trojan and have become increasingly sophisticated both in terms of their code and the organized gangs who wield them. While threat actors once primarily used banking Trojans to steal money from corporate accounts, today they are increasingly using them to conduct targeted ransomware attacks that can entail exorbitant payment demands. In its discussion, the article poses an often-overlooked question: “Why are attackers using so many stages to infect users instead of a direct hit with ransomware?” As the article explains, “They are doing this to have better control of the attack, to evade controls and detection, and to be able to plant the seeds of a ransomware operation that encompasses enough devices to entice victims to pay.” And this approach has paid off, as the article notes, with the threat actors behind the Ryuk ransomware (which has been paired with the Emotet and TrickBot banking Trojans, among others) amassing over $3.7 million in the span of five months. Given that operations combining banking Trojans and ransomware have proven so successful and lucrative, the article concludes they are likely to continue and even increase. To combat this threat, it recommends organizations should stay up to date with the rapidly evolving threat landscape by utilizing the latest threat intelligence. It also encourages companies to ensure the security of users’ identities on company networks and across the internet. Read the article at IBM Security Intelligence.