Cyber-criminals Offer Christmas Ransomware Discount

Cyber-criminals appear to be getting into the Christmas spirit, with one group offering ransomware victims who intend to pay up a festive discount of more than half the original cost.

Security vendor Forcepoint spotted the seasonal campaign from the black hats behind the CryptXXX ransomware variant.

Whereas the group typically charges victims 1.2 Bitcoin ($1040) to get their files back, the special Christmas price is now 0.5 Bitcoin ($433).

The new pop-up window apparently displays once the user has decided to pay up and clicks through to one of the Tor-based payment sites.

CryptXXX is one of the few ransomware families that security researchers have had success with, releasing a decryptor tool for it back in May.

However, that tool and a second one were both rendered useless by new versions of the ransomware developed to circumvent them.

In the meantime, ransomware continues to cause businesses and consumers chaos and misery.

There was one attack every 40 seconds on businesses by Q3 and one every 10 seconds targeting consumers, according to Kaspersky Lab.

Meanwhile, Trend Micro claimed new ransomware families spiked an astonishing 400% between January and September this year, thanks to code that was made publicly available.

However, the vendor predicted more modest growth of 25% in 2017 – translating as an average of 15 new families each month.

It also claimed that cyber-criminals would increasingly look to Business Email Compromise (BEC) scams to generate larger profits.

The average payout for a successful BEC or CEO fraud attack is $140,000, versus just one Bitcoin ($869) for a ransomware attack, the vendor said in its 2016 predictions report.

This year, the true scale of the ransomware epidemic in the UK began to emerge, thanks to a series of Freedom of Information (FoI) requests from various parties.

Over half of the country’s universities have been hit by at least one attack in the past year, while 47% of NHS Trusts claimed the same.

Also, at least 30% of UK councils fell victim in 2015, according to separate research.
