Kovter Ransomware Soars in Q2

Written by

Q2 witnessed a major spike in ransomware with infections reaching over 43,000 on a single day at the height of activity related to the notorious Kovter variant, according to the latest data from threat protection firm Damballa.

The firm’s Q2 State of Infections report claimed Kovter infections reached a high of 43,713 on a particular day last quarter, with average daily infections increasing by 153% from April to May alone.

By June, the average daily infection count was at 37,733 – a considerable increase from April’s figure of 9,783 and a 52% increase from May (24,825).

“Damballa’s Threat Research team noted a steady uptick in ransomware infections over the past 18 months, culminating during Q2 2014,” it said.

“Ransomware is popular because it provides criminals with a quick, low-risk pay-off. Malware authors can tally up to $1,000 per victim and ransom is paid via untraceable electronic currency.”

Kovter was first discovered last year. This particular ransomware variant typically targets visitors to adult websites.

It locks the phone or PC and then displays a message saying the user has broken the law and will need to pay a fine to unlock the device.

To make the threat more realistic, Kovter typically scours the user’s browser history for adult content and displays any on a splash screen. If there’s none, it will redirect the browser to an adult site and collect content from there.

Since its appearance, other ransomware has surfaced, seemingly taking its cue from Kovter.

Damballa also gave an update to Operation Torvar, the major initiative by law enforcement and anti-malware industry players to disrupt the Gameover Zeus and Cryptolocker botnet.

Worryingly, the firm has spotted a new variant of Gameover Zeus featuring a new Domain Generation Algorithm set-up, trying to build a new botnet.

“This is to be expected. Threat actors are cunning human adversaries who can adapt. History tells us they will continue to upgrade, update and improve their malware,” the report noted.

“That doesn’t mean we should give [in]. When the opportunity exists to go after the bad guys, we must seize it.”

What’s hot on Infosecurity Magazine?