Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

6/22/2016
05:40 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Crypto Ransomware Officially Eclipses Screen-Blocker Ransomware

Encryption malware represented 54 percent of all ransomware in April compared to barely 10 percent a year ago, Kaspersky Lab found.

If the near-daily vendor reports are not enough indication already of the surging growth in ransomware infections in recent times, Kaspersky Lab has some new statistics to back it up.

Using anonymized data gathered from users of its security products, researchers from Kaspersky Lab tried to identify how many of them had encountered ransomware at least once over the past 12 months, and what type of ransomware was involved with each of those infections.

For purposes of the report, the company included screen-blocker malware as well as encryption malware in its definition of ransomware.

The data analysis showed a sharp increase in ransomware infections compared to the year before. The total number of users hit by ransomware jumped 17.7%, from 1.97 million users between April 2014 and March 2015 to around 2.32 million over the same period in the following 12 months.

Much of the growth came from the proliferation of encryption malware. The number of users hit with cryptos surged more than five-fold -- from 131,111 between 2015 and 2016 to 718,536, even as the number of people hit with Win-lockers fell more than 13% percent, from 1.8 million to a shade under 1.6 million in the same period.

The increase in the overall number of people encountering ransomware as well the growing use of crypto tools instead of screen blockers spell trouble for users, Kaspersky Lab said in its report.

“The biggest difference between the two types of ransomware: blockers and encryption ransomware is that blocker damage is fully reversible,” the report noted. “Even in the worst case scenario, the owner of an infected PC could simply reinstall the OS to get all their files back.”

In contrast, encryption ransomware gives users little option but to pay up because encrypted files are almost always irrecoverable without a decryption key. The money to be made from such malware is driving the increased use of encryption malware, Kaspersky Lab said.

As recently as April 2015, crypto ransomware accounted for barely 10% of all ransomware infections. Even in October 2015, when an unprecedented 428,000 users were infected with ransomware, only about 9.38% of the victims encountered encryption ransomware.

All that has changed, however, in recent months. Numbers from a surge in ransomware attacks in March show that more than half involved the use of crypto malware, mostly associated with the TeslaCrypt campaign, according to Kaspersky Lab. In April this year, encryption malware accounted for 54% of all ransomware.

A small handful of ransomware samples are responsible for most of the problems caused by crypto-malware. Leading the pack are samples like CryptoWall, Cryaki, TorretLocker, and CTB-Locker, Kaspersky Lab said.

The security vendor’s report comes amid signs of growing corporate worry over the trend.

In a survey of 1,138 companies from various industries conducted by KnowBe4, 79% say they are highly concerned about ransomware attacks. Two-thirds claim to know someone that had been victimized by ransomware, compared to 43% who said the same thing two years ago.

The survey showed that mid-sized companies with between 250- and 1,000 employees tend to get hit harder than large and small businesses.

Related Content:

  

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
David Balaban
100%
0%
David Balaban,
User Rank: Strategist
12/8/2016 | 10:08:44 AM
Re: Silver lining
I understand you mean only private computer users. I encountered locky ransomware on my working laptop. all my working files got encrypted.  I began exploring  the ransomware. Here is my conclusion: there is a lot of information on this topic in the web, including this site, but people don't understand the danger of ransomware, do not take preventive measures, and look for a solution only after their computer are already affected.
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
6/23/2016 | 7:24:51 AM
Silver lining
Considering how far off we seem to be from having any decent recourse when this sort of malware hits, the only comforting idea is that it's focusing more on businesses than individuals. While businesses have more financial potential for the hackers, they also have more insurance and data stolen affects profits, not hearts and lives. 

Losing all of your family photos is devastating and irreplaceable. While losing business documents is terrible, it's far more preferable.
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-22861
PUBLISHED: 2021-03-03
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the targeted ...
CVE-2021-22862
PUBLISHED: 2021-03-03
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference of ...
CVE-2021-22863
PUBLISHED: 2021-03-03
An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker would b...
CVE-2020-10519
PUBLISHED: 2021-03-03
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the Gi...
CVE-2021-21353
PUBLISHED: 2021-03-03
Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was p...