Attacks/Breaches

6/22/2016
05:40 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Crypto Ransomware Officially Eclipses Screen-Blocker Ransomware

Encryption malware represented 54 percent of all ransomware in April compared to barely 10 percent a year ago, Kaspersky Lab found.

If the near-daily vendor reports are not enough indication already of the surging growth in ransomware infections in recent times, Kaspersky Lab has some new statistics to back it up.

Using anonymized data gathered from users of its security products, researchers from Kaspersky Lab tried to identify how many of them had encountered ransomware at least once over the past 12 months, and what type of ransomware was involved with each of those infections.

For purposes of the report, the company included screen-blocker malware as well as encryption malware in its definition of ransomware.

The data analysis showed a sharp increase in ransomware infections compared to the year before. The total number of users hit by ransomware jumped 17.7%, from 1.97 million users between April 2014 and March 2015 to around 2.32 million over the same period in the following 12 months.

Much of the growth came from the proliferation of encryption malware. The number of users hit with cryptos surged more than five-fold -- from 131,111 between 2015 and 2016 to 718,536, even as the number of people hit with Win-lockers fell more than 13% percent, from 1.8 million to a shade under 1.6 million in the same period.

The increase in the overall number of people encountering ransomware as well the growing use of crypto tools instead of screen blockers spell trouble for users, Kaspersky Lab said in its report.

“The biggest difference between the two types of ransomware: blockers and encryption ransomware is that blocker damage is fully reversible,” the report noted. “Even in the worst case scenario, the owner of an infected PC could simply reinstall the OS to get all their files back.”

In contrast, encryption ransomware gives users little option but to pay up because encrypted files are almost always irrecoverable without a decryption key. The money to be made from such malware is driving the increased use of encryption malware, Kaspersky Lab said.

As recently as April 2015, crypto ransomware accounted for barely 10% of all ransomware infections. Even in October 2015, when an unprecedented 428,000 users were infected with ransomware, only about 9.38% of the victims encountered encryption ransomware.

All that has changed, however, in recent months. Numbers from a surge in ransomware attacks in March show that more than half involved the use of crypto malware, mostly associated with the TeslaCrypt campaign, according to Kaspersky Lab. In April this year, encryption malware accounted for 54% of all ransomware.

A small handful of ransomware samples are responsible for most of the problems caused by crypto-malware. Leading the pack are samples like CryptoWall, Cryaki, TorretLocker, and CTB-Locker, Kaspersky Lab said.

The security vendor’s report comes amid signs of growing corporate worry over the trend.

In a survey of 1,138 companies from various industries conducted by KnowBe4, 79% say they are highly concerned about ransomware attacks. Two-thirds claim to know someone that had been victimized by ransomware, compared to 43% who said the same thing two years ago.

The survey showed that mid-sized companies with between 250- and 1,000 employees tend to get hit harder than large and small businesses.

Related Content:

  

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
David Balaban
100%
0%
David Balaban,
User Rank: Strategist
12/8/2016 | 10:08:44 AM
Re: Silver lining
I understand you mean only private computer users. I encountered locky ransomware on my working laptop. all my working files got encrypted.  I began exploring  the ransomware. Here is my conclusion: there is a lot of information on this topic in the web, including this site, but people don't understand the danger of ransomware, do not take preventive measures, and look for a solution only after their computer are already affected.
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
6/23/2016 | 7:24:51 AM
Silver lining
Considering how far off we seem to be from having any decent recourse when this sort of malware hits, the only comforting idea is that it's focusing more on businesses than individuals. While businesses have more financial potential for the hackers, they also have more insurance and data stolen affects profits, not hearts and lives. 

Losing all of your family photos is devastating and irreplaceable. While losing business documents is terrible, it's far more preferable.
Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: No, no, no! Have a Unix CRON do the pop-up reminders!
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.