It doesn’t come as a surprise that Russian cybercriminals are extremely active when it comes to malware creation, but the fact that 75% of all ransomware infections are made in Russia is still shocking.
Anton Ivanov, a senior malware analyst at Kaspersky Lab, said that out of 62 different ransomware families that his company stumped across during 2016, 47 (75%) were created either by Russians or by Russian-speaking people.
“This conclusion is based on our observation of underground forums, command and control infrastructure, and other artefacts which can be found on the web. It is hard to draw strong conclusions on why so many of the ransomware families out there have a Russian origin, but it is safe to say that this is because there are a lot of well-educated and skilled code writers in Russia and its neighboring countries.” – reads Kaspersky’s analysis.
In addition, according to Kaspersky, the 62 ransomware families managed to attack more than 1.4 million users all over the world for 2016 alone. However you see it, this huge number of victims both individuals and companies, either paid up the ransom demanded or they lost they files forever. And, Russian-speakers are responsible for 75% of the ransomware pieces used for all these attacks.
Of course, there are ways to defeat ransomware. For example, for certain ransomware variants, experts have created free decryption tools which victims can use to recover their locked data. Moreover, there are initiatives like the No Mo Ransom one, which provides free assistance for everyone who is trying to defeat the file-encrypting parasite on their device.
Furthermore, Kaspersky analyzed the frequency of the attacks that occurred in 2016 and got to the conclusion that an individual user was hit by ransomware on average 10 seconds, while organizations and business were attacked about every 40 seconds. Based on this data, the researchers say that the attack frequency has not only significantly increased over the past years but they are also noticing spikes throughout the year.
Ransomware infections have been around for 10 years already. They are not what we call a new malware type. However, as time passes and the crooks are creating more and more advanced pieces, they discover just how profitable this “business” can be.