Ransomware news has become the main topic of discussion for Q1 2016. The Kaspersky Lab’s Q1 malware report reveals that 2,900 new malware modifications have been discovered during this quarter, which is a 14% increase compared to the previous one. Currently, the database of Kaspersky Lab includes approximately 15 thousand ransomware modifications and the number continues to grow.
During the first quarter of 2016, Kaspersky Lab security solutions prevented 372,602 ransomware attacks on users, 17% of which targeted the corporate sector. When compared to Q4, 2015, the number of attacked users increased by 30%.
Among the most widespread ransomware in Q1, 2016 was Locky. The products of Kaspersky Lab detected attempts to infect users with this Trojan in 114 countries, and as of early May 2016 it is still active.
Petya is another famous ransomware which was interesting from a technical perspective due to its ability not only to encrypt data stored on the PC, but also to overwrite the hard disk drive’s master boot record, leaving the infected computers unable to boot into the operating system.
The findings of Kaspersky Lab reveal that the top three ransomware families in Q1 were: Teslacrypt (58.4%), CTB-Locker (23.5%), and Cryptowall (3.4%). Usually, these three are distributed via spam emails with malicious attachments or links to infected websites.
“One of the reasons why ransomware has become so popular lies in the simplicity of the business model used by cybercriminals. Once the ransomware gets into the users’ system there is almost no chance of getting rid of it without losing personal data. Also, the demand to pay the ransom in bitcoins makes the payment process anonymous and almost untraceable which is very attractive to fraudsters. Another threatening trend is the Ransomware-as-a-Service (RaaS) business model where cybercriminals pay a fee for the propagation of malware or promise a percentage of the ransom paid by an infected user,” says Aleks Gostev, Chief Security Expert in the Global Research and Analysis Team.
Another reason for the rise in ransomware attacks is the fact that users believe the threat is unbeatable. Businesses and individuals are not aware of the technology countermeasures which could help to prevent infection and the locking of files or systems. Besides, by ignoring the basic IT Security rules, users allow hackers to make profit.