10 Shocking New Facts About Ransomware
Ransomware has taken over the cybercriminal world in the last few years and there's no end in sight.
February 8, 2016
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt9a1b9f60c5773d0f/64f0db41705b0e7d144ca36d/Adobe_Flash_Player_v10_icon.png?width=700&auto=webp&quality=80&disable=upscale)
A lot of ransomware growth can be attributed to the one-two punch of exploit kits like Angler, Nuclear and Magnitude bundled up with ransomware payloads. This is especially the case with Angler, which is the top exploit kit in the market by a magnitude of about 3x. Cisco reports that 60% of Angler payloads are ransomware. Much of Angler and its ilk's success has been tied to their successful exploitation of Adobe Flash. In fact, eight of the top 10 vulnerabilities used by exploit kits last year were Flash-related.
While phishing remains a huge delivery vehicle of ransomware, last year malvertising gained steam as a popular technique for ransomware distribution. The year was studded with news releases (examples here, here and [here](https://blog.malwarebytes.org/malvertising-2/2015/12/spike-in-malvertising-attacks-via-nuclear-ek-pushes-ransomware/)) from various security research outlets of ever-new malvertising campaigns that typically led to victims getting owned by malware exploit kits that then dropped malware onto infected systems.
Not only is ransomware extortion lucrative, but it doesn't take much of an initial investment to get into, either. In fact, last year saw a new innovation within the cybercriminal black market as ransomware-as-a-service gave criminals the option to pick up the technology for free so long as they gave developers a cut of their earnings. Think of it as a modified freemium pay model, if you will.
Cybercrooks know that valuable data doesn't just sit on PCs these days, so you bet your sweet crypto they're going to develop ransomware for other platforms. Already there have been instances of ransomware designed for mobile devices and Linux ransomware that targets web servers -- a particularly lucrative prospect when striking incautious businesses that have failed to back up mission-critical web properties. And most recently, a JavaScript form of malware called Ransom32 has been written based on a Node.js framework in such a way that will make it easy to port to Linux and OS X.
There's probably no more embarrassing way to get a phone bricked by ransomware than through an inability to curb certain, ahem, urges while on the go. But that is exactly what's happening, according to researchers at Zscaler, who have found that certain porn apps on Android are actually no more than a masquerade for ransomware. Even worse, some of them are automatically taking unauthorized selfies of users and using those in ransom letters to make sure they pay up.
The porn apps taking blackmail selfies is just a hint of the dark direction ransomware is likely to take in the coming months. In another example, the latest version of CryptoWall and other similar strains have upped the ante by threatening to not only leave users without access to their data but also to publish it online if they don't answer the criminals' demands. Now users won't just be desperate to save data. In many instances they'll be so anxious to save face they will gladly fork over their dough.
Cyberextortion and blackmail are hardly new things, but cybercriminals have just about perfected their techniques of extracting money from the masses through the use of ransomware. Businesses and everyday folk all rely on data that rests on their PCs, mobile devices and web servers more and more each day. Maybe not enough to reliably back it up, but certainly enough to go into a blind panic when criminals encrypt their data and dangle the prospect of a decryption key for a fee. The fear is palpable and pervasive enough for the crooks to make a killing off the practice.
The cost to decrypt a drive struck by ransomware varies, but generally averages around $500. Consider that Edmunds last year put the average monthly car payment at $483 and that gives some pretty good perspective as to how much people are willing to pay to get control back over their sweet, sweet data stores.
Ransomware has grown so sophisticated and bulletproof over the last couple of years that even the top law enforcers in the U.S. admit there's not much to be done if you're unprepared and hit by ransomware. Last fall the FBI said that it suggests that consumers or businesses caught with their proverbial pants down just pay the blackmailers if they want to access their data.
Researchers with Bromium report that the prevalence of ransomware more than doubled in 2015 and has increased six-fold since 2013. Ransomware is so pervasive because criminals are absolutely raking it in. One estimate showed that a single flavor of ransomware, CryptoWall 3.0, made over $325 million from US victims in 2015 alone. That's more than FireEye paid for iSight Partners in January. That sale was for $200 million.