Ransomware is now the biggest cybersecurity threat

Simple attacks plus user willingness to pay ransoms to get their files back means ransomware is on the rise, warn Kaspersky researchers.
Written by Danny Palmer, Senior Writer


Ransomware has replaced advanced persistent threat (APT) network attacks as the most problematic cyberthreat -- and early indications suggest that it will be the main problem for 2016 as a whole, cybersecurity researchers from Kaspersky Lab have warned.

The findings are outlined in Kaspersky Lab's IT Threat Evolution in Q1 2016 report, which details how security experts detected 2,900 new ransomware malware modifications appearing between January and March this year -- a rise of 14 percent.

Not only is malware increasingly altering itself -- thus making ransomware attacks more difficult to defend against -- but the number of attacks is also rising, with the number of attacked users up by 30 percent compared with the previous quarter.

It's clear that ransomware has become a more significant issue in early 2016, with various high-profile infections being widely reported, which led to the United States and Canada issuing a joint alert on ransomware.

That alert came following the appearance of new strains of malware, such as Petya, a particularly vicious infection which goes further than most by not only locking down files, but completely removing access to hard drives and operating systems. Kaspersky researchers have labelled this ability to apply full disk encryption as the "most significant technical innovation in ransomware".

According to detections by Kaspersky Lab researchers, the top three ransomware families during the first quarter of the year were: Teslacrypt (58.4 percent), CTB-Locker (23.5 percent), and Cryptowall (3.4 percent). All three of these mainly infected users through spam emails with malicious attachments or links to infected web pages.

One of the most high-profile ransomware victims in 2016 so far was the Hollywood Presbyterian Medical Center, with the Los Angeles hospital forced to declare an "internal emergency" after its IT systems were locked down and held to ransom by hackers.

According to Aleks Gostev, chief security expert in Kaspersky's global research and analysis team, one of the reasons ransomware is on the rise is that it works: people will pay a ransom rather than lose access to their personal data.

"Once the ransomware gets into the users' system, there is almost no chance of getting rid of it without losing personal data," Gostev said. "The demand to pay the ransom in bitcoins makes the payment process anonymous and almost untraceable which is very attractive to fraudsters."

Gostev also pointed to the rise of malware-as-a-service as a significant factor in the rise of ransomware attacks -- because it allows almost anyone to infect a system and demand payment.

"Another threatening trend is the ransomware-as-a-service (RaaS) business model where cybercriminals pay a fee for the propagation of malware or promise a percentage of the ransom paid by an infected user," he said.

Kaspersky also suggests that another key factor in ransomware becoming so successful is that users aren't aware they can beat the infection without handing over a ransom.

"Businesses and individuals are not aware of the technology countermeasures that could help to prevent infection and the locking of files or systems," researchers said.
