Attacks/Breaches

6/22/2016
05:40 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Crypto Ransomware Officially Eclipses Screen-Blocker Ransomware

Encryption malware represented 54 percent of all ransomware in April compared to barely 10 percent a year ago, Kaspersky Lab found.

If the near-daily vendor reports are not enough indication already of the surging growth in ransomware infections in recent times, Kaspersky Lab has some new statistics to back it up.

Using anonymized data gathered from users of its security products, researchers from Kaspersky Lab tried to identify how many of them had encountered ransomware at least once over the past 12 months, and what type of ransomware was involved with each of those infections.

For purposes of the report, the company included screen-blocker malware as well as encryption malware in its definition of ransomware.

The data analysis showed a sharp increase in ransomware infections compared to the year before. The total number of users hit by ransomware jumped 17.7%, from 1.97 million users between April 2014 and March 2015 to around 2.32 million over the same period in the following 12 months.

Much of the growth came from the proliferation of encryption malware. The number of users hit with cryptos surged more than five-fold -- from 131,111 between 2015 and 2016 to 718,536, even as the number of people hit with Win-lockers fell more than 13% percent, from 1.8 million to a shade under 1.6 million in the same period.

The increase in the overall number of people encountering ransomware as well the growing use of crypto tools instead of screen blockers spell trouble for users, Kaspersky Lab said in its report.

“The biggest difference between the two types of ransomware: blockers and encryption ransomware is that blocker damage is fully reversible,” the report noted. “Even in the worst case scenario, the owner of an infected PC could simply reinstall the OS to get all their files back.”

In contrast, encryption ransomware gives users little option but to pay up because encrypted files are almost always irrecoverable without a decryption key. The money to be made from such malware is driving the increased use of encryption malware, Kaspersky Lab said.

As recently as April 2015, crypto ransomware accounted for barely 10% of all ransomware infections. Even in October 2015, when an unprecedented 428,000 users were infected with ransomware, only about 9.38% of the victims encountered encryption ransomware.

All that has changed, however, in recent months. Numbers from a surge in ransomware attacks in March show that more than half involved the use of crypto malware, mostly associated with the TeslaCrypt campaign, according to Kaspersky Lab. In April this year, encryption malware accounted for 54% of all ransomware.

A small handful of ransomware samples are responsible for most of the problems caused by crypto-malware. Leading the pack are samples like CryptoWall, Cryaki, TorretLocker, and CTB-Locker, Kaspersky Lab said.

The security vendor’s report comes amid signs of growing corporate worry over the trend.

In a survey of 1,138 companies from various industries conducted by KnowBe4, 79% say they are highly concerned about ransomware attacks. Two-thirds claim to know someone that had been victimized by ransomware, compared to 43% who said the same thing two years ago.

The survey showed that mid-sized companies with between 250- and 1,000 employees tend to get hit harder than large and small businesses.

Related Content:

  

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
David Balaban
100%
0%
David Balaban,
User Rank: Strategist
12/8/2016 | 10:08:44 AM
Re: Silver lining
I understand you mean only private computer users. I encountered locky ransomware on my working laptop. all my working files got encrypted.  I began exploring  the ransomware. Here is my conclusion: there is a lot of information on this topic in the web, including this site, but people don't understand the danger of ransomware, do not take preventive measures, and look for a solution only after their computer are already affected.
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
6/23/2016 | 7:24:51 AM
Silver lining
Considering how far off we seem to be from having any decent recourse when this sort of malware hits, the only comforting idea is that it's focusing more on businesses than individuals. While businesses have more financial potential for the hackers, they also have more insurance and data stolen affects profits, not hearts and lives. 

Losing all of your family photos is devastating and irreplaceable. While losing business documents is terrible, it's far more preferable.
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20161
PUBLISHED: 2018-12-15
A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the...
CVE-2018-20159
PUBLISHED: 2018-12-15
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a "...
CVE-2018-20157
PUBLISHED: 2018-12-15
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.
CVE-2018-20154
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.
CVE-2018-20155
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings.