Kaspersky Lab has confirmed what many had feared with new stats claiming a five-fold rise in the number of users encountering crypto-ransomware in the period of just a year.
The Russian AV firm analyzed global users of its products with the Kaspersky Security Network feature enabled and compared two 12-month periods: April 2014-March 2015 and April 2015-March 2016.
When looking at ransomware as a whole – both encryption and ‘Windows blockers’ types – the number of users encountering the malware rose over 17% during the period, from 1.97 million to 2.3m.
For crypto-ransomware, which has almost become the de facto choice for black hats today, the number of users attacked rose 5.5-times – from 131,111 in 2014-2015 to 718,536 in 2015-2016, the firm claimed.
As if to highlight the popularity of this type of ransomware among cyber-criminals, the share of users encountering crypto-ransomware as a proportion of those encountering ransomware in general soared from 6.6% to 31.6% over the same period.
The figures seem relatively small on the global scale, but they are only those of Kaspersky Lab customers. Trend Micro, for example, claimed this week to have blocked 100 million ransomware threats for its global customers in the past six months.
Kaspersky Lab researcher Jornt wan der Wiel explained further the reason for the relatively low number.
“When Kaspersky Lab finds new malware, this is generally through automated detection and analysis. One such classification is ‘Trojan-Ransom’, and this is the category into which we put ransomware samples. This process relies on generic verdicts and these verdicts don’t differentiate between ransomware and other types of malware,” he told Infosecurity by email.
“Further, ransomware, like most other malware, works with droppers and downloaders. So if, for example, the ransomware is downloaded via a word document, and the AV already blocks this, then the ransomware is never downloaded and will not show up in the statistics.”
Given the apparently high RoI from ransomware – with many individuals and organizations deciding to pay up rather than lose their data – it’s perhaps no surprise that it continues to be a favored money-making tactic for the black hats.
Back in April, the FBI told CNN that its own estimates put losses to the cybercrime underground at $209 million in the first three months of the year alone.
The agency also warned that the usual fee of a few hundred dollars has been known to rise if ransomware authors believe the victim organization will pay it.
The Hollywood Presbyterian Medical Center famously paid around $17,000 to unlock its systems after being infected.
Organizations were urged to take preventative measure such as to back-up essential data – whilst ensuring one copy is always offline – use corporate-grade security, patch regularly, educate employees not to open suspicious emails.
In the event of infection, firms were advised by Kaspersky Lab not to pay the ransom and instead inform the police.