According to the latest reports of Kaspersky Lab security researchers, the number of users who got hit by Crypto ransomware over the past year jumped by more than five times compared to the year before.
The variety and volume of ransomware have continued to grow at an alarming rate during the past year, with pioneering strains such as CryptoLocker, CryptoWall, and other threats, being joined by multiple new versions.
In fact, it is very hard to say how much of an effect the emergence of ransomware has had on consumers, enterprises, and the security industry itself.
The FBI has been warning PC users about Crypto ransomware for some time now, and has consistently advised victims not to pay any ransoms. At the same time, the security experts have been releasing decryption tools for specific ransomware versions and the law enforcement agencies have had some success in taking down cyber criminals. Nevertheless, the problem of ransomware itself keeps getting worse, and it shows no signs of abating.
According to the information analyzed by Kaspersky Lab researchers, from April 2015 to March 2016, the volume of Crypto ransomware encountered by users leapt from 131,111 to 718,536.
Considering the fact that ransomware is a somewhat a mature threat, this appears to be a significant increase. According to the experts from Kaspersky, the spike in Crypto ransomware can be attributed to a small group of variants.
“Looking at the malware groups that were active in the period covered by this report, it appears that a rather short list of suspects is responsible for most of the trouble caused by crypto-ransomware. In the first period, from April 2014 to March 2015, the most actively propagated encryptors were the following groups of malware: CryptoWall, Cryakl, Scatter, Mor, CTB-Locker, TorrentLocker, Fury, Lortok, Aura, and Shade. Between them they were able to attack 101,568 users around the world, accounting for 77.48% of all users attacked with crypto-ransomware during the period,” the latest Kaspersky Lab report stated.
“A year later the situation had changed considerably. TeslaCrypt, together with CTB-Locker, Scatter and Cryakl were responsible for attacks against 79.21% of those who encountered any crypto-ransomware.”
The percent of enterprise users attacked by Crypto ransomware also increased. In 2014-15, enterprise users accounted for about 7% of all ransomware victims. One year later, that number had almost doubled to more than 13%. This is a strategic change from the hackers’ perspective.
Usually, ransomware versions demand a ransom in the $75-$200 range from individual victims, with some skewing higher or lower. If a hacker gets a few victims to pay, that’s a good day’s work. However, in case he succeed to hit a corporate network and infect a few dozen or hundred machines and disrupt the operation of the business, he can collect tens of thousands of dollars in ransom at once.
The recent attacks on Hollywood Presbyterian Medical Center and the University of Calgary have demonstrated the brutal effectiveness of this strategy.
Recently, ransomware has also managed to make its way to mobile devices. According to Kaspersky’s report, the volume of mobile ransomware has increased by more than 400% over the past year.
