Novicus

Ransomware by Numbers


2016 saw ransomware run rampant across the globe, with more sophisticated attacks than ever before. Ransomware variants now include total disk encryption as well as network-aware scanning able to target shares on remote computers. According to a Kaspersky Lab report for 2016, ransomware variants were the main focus throughout the year, far exceeding any other form of attack, with attacks focused on businesses.

The numbers speak for themselves

Growth in sophistication

2016 saw ransomware grow in sophistication. Examples include changing tactics when it encountered financial software, being written in scripting languages, exploiting new infection paths, becoming more targeted, and offering turn-key ransomware-as-a-service solutions, through an underground ecosystem, to those with fewer skills, resources or time.

The fight back

In July the No More Ransom project was launched, bringing together law enforcement agencies, Intel Security and Kaspersky Lab. 13 more organizations joined in October. Among other things, the collaboration has resulted in a number of free online decryption tools that have helped tens of thousands of ransomware victims recover their precious data.

What is ransomware?

Ransomware comes in two forms. The most common form of ransomware is the cryptor. These programs encrypt data on the victim’s device and demand money in return for a promise to restore the data. Blockers, by contrast, don’t affect the data stored on the device. Instead, they prevent the victim from accessing the device. The ransom demand, displayed across the screen, typically masquerades as a notice from a law enforcement agency, reporting that the victim has accessed illegal web content and indicating that they must pay a spot-fine. You can find an overview of both forms of ransomware here.

As of October 2016, the top ransomware families detected by Kaspersky Lab products look like this:

| # | Name | Verdicts* | Percentage of users** |
|---|------|-----------|-----------------------|
| 1 | CTB-Locker | Trojan-Ransom.Win32.Onion / Trojan-Ransom.NSIS.Onion | 25.32 |
| 2 | Locky | Trojan-Ransom.Win32.Locky / Trojan-Dropper.JS.Locky | 7.07 |
| 3 | TeslaCrypt (active till May 2016) | Trojan-Ransom.Win32.Bitman | 6.54 |
| 4 | Scatter | Trojan-Ransom.Win32.Scatter / Trojan-Ransom.BAT.Scatter / Trojan-Downloader.JS.Scatter / Trojan-Dropper.JS.Scatter | 2.85 |
| 5 | Cryakl | Trojan-Ransom.Win32.Cryakl | 2.79 |
| 6 | CryptoWall | Trojan-Ransom.Win32.Cryptodef | 2.36 |
| 7 | Shade | Trojan-Ransom.Win32.Shade | 1.73 |
| 8 | (generic verdict) | Trojan-Ransom.Win32.Snocry | 1.26 |
| 9 | Crysis | Trojan-Ransom.Win32.Crusis | 1.15 |
| 10 | Cryrar/ACCDFISA | Trojan-Ransom.Win32.Cryrar | 0.90 |

* These statistics are based on the detection verdicts returned by Kaspersky Lab products, received from users of Kaspersky Lab products who have consented to provide their statistical data.
** Percentage of users targeted by a certain crypto-ransomware family relative to all users targeted with crypto-ransomware.

Why bother with a file when you can have the disk?

For some tips on how to help protect yourself and your data see Ransomware – Prevention of data loss

 
