The number of users affected by ransomware has increased by 30% in the first three months of this year. The Russian AV firm Kaspersky Lab said its security systems prevented more than 370,000 attacks on users in Q1 2016, 7% of which were aimed at the corporate sector.
During this period their systems also detected 2,900 new malware ‘modifications’ in total, a 14% increase on the previous quarter.
The “Locky ransomware” variant was detected in 114 countries. However, it was Teslacrypt (58%), CTB-Locker (24%) and Cryptowall (3%) that took the top three spots.
Kaspersky Lab chief security expert Aleks Gostev claimed one of the main reasons ransomware has become so popular is the simplicity of its business model. “Once the ransomware gets into the users’ system there is almost no chance of getting rid of it without losing personal data. Also, the demand to pay the ransom in bitcoins makes the payment process anonymous and almost untraceable which is very attractive to fraudsters,” he added.
“Another threatening trend is the Ransomware-as-a-Service (RaaS) business model where cyber-criminals pay a fee for the propagation of malware or promise a percentage of the ransom paid by an infected user.”
Although ransomware is mainly spread via spam e-mails, both the number of cases involving hacked websites and the level of complexity used are increasing.
Many website owners get compromised with ransomware by not properly maintaining their websites. The level of complexity often surpasses the knowledge of IT personnel, so a compromise may go unnoticed for months or even years. Your website continues to operate but has hidden links serving up and distributing malicious software. You are responsible for the content on your website, knowingly or unknowingly.
Most people are also oblivious to the fact that they can get sued for knowingly or unknowingly distributing malware. So if someone visits a URL on your website, and becomes infected, you may be liable.
Eldon Sprickerhoff, chief security strategist at eSentire, advised users to ensure systems and applications are always up-to-date with the latest patches in order to minimize risk, including websites.
“In the case of Maisto, users visiting the site with an outdated computer were vulnerable to infection,” he added. “It was not Maisto’s intention to host malware, but due to weaknesses within their website, they were made the vector of the attack. These kinds of ransomware threats will become more prevalent.”
So it seems the “ransomware” business will only grow: the prospect of earnings is very high, the risk of getting caught is very low, and the equipment needed is minimal.