There appears to be no end in sight to the ransomware epidemic. New stats released by security researchers at Kaspersky Lab show that the number of users who came across crypto ransomware in the last year increased by more than 500 percent over the previous year.
The variety and volume of ransomware being deployed by attackers have continued to grow at an alarming rate in the last year or so, with pioneering strains such as CryptoLocker, CryptoWall, and others being joined by dozens of new variants. It’s difficult to overstate how much of an effect the emergence of ransomware has had on consumers, enterprises, and the security industry itself. The FBI has been warning users about crypto ransomware for some time now, and has consistently advised victims not to pay any ransoms. Security researchers have been publishing decryption tools for specific ransomware variants, and law enforcement agencies have had some success in taking down ransomware gangs.
But the problem of ransomware itself is only getting worse, and it shows no signs of abating. Data compiled by Kaspersky researchers from the company’s cloud network shows that from April 2015 to March 2016, the volume of crypto ransomware encountered by users leapt from 131,111 to 718,536. That’s a massive increase, especially considering the fact that ransomware is a somewhat mature threat. It didn’t just burst onto the scene a couple of years ago. Kaspersky’s researchers said the spike in crypto ransomware can be attributed to a small group of variants.
“Looking at the malware groups that were active in the period covered by this report, it appears that a rather short list of suspects is responsible for most of the trouble caused by crypto-ransomware. In the first period, from April 2014 to March 2015, the most actively propagated encryptors were the following groups of malware: CryptoWall, Cryakl, Scatter, Mor, CTB-Locker, TorrentLocker, Fury, Lortok, Aura, and Shade. Between them they were able to attack 101,568 users around the world, accounting for 77.48% of all users attacked with crypto-ransomware during the period,” Kaspersky said in its new report.
“A year later the situation had changed considerably. TeslaCrypt, together with CTB-Locker, Scatter and Cryakl were responsible for attacks against 79.21% of those who encountered any crypto-ransomware.”
The number of enterprise users attacked by crypto ransomware also is on the rise. In 2014-15, enterprise users accounted for about 7 percent of all ransomware victims. A year later, that number had almost doubled to more than 13 percent. This change is a strategic one from the attackers’ perspective. Most ransomware variants demand a ransom in the $75-$200 range from individual victims, with some skewing higher or lower. If an attacker gets a few victims to pay, that’s a nice day’s work. But if he can hit a corporate network and infect a few dozen or hundred machines and disrupt the operation of the business, he can collect tens of thousands of dollars in ransom at once.
Recent attacks on networks at the University of Calgary and Hollywood Presbyterian Medical Center have demonstrated the brutal effectiveness of this strategy. Ransomware also has made its way to mobile devices, and Kaspersky’s data shows that the volume of mobile ransomware has jumped by more than 400 percent in the last year.