Cyberattacks using the most common forms of ransomware spiked during November, continuing the ongoing trend for growth in the use of the file-encrypting malicious software by cybercriminals.
Ransomware has exploded in 2016 and is increasingly targeting business networks instead of individual users. The total cost of damages related to these attacks is set to top $1 billion this year.
According to the monthly global threat index by cybersecurity researchers Check Point, the number of attacks using the Locky and Cryptowall variants of ransomware rose by 10 percent in November when compared with the previous month.
And it’s only the beginning, with file locking malware only set to grow and take larger role in cybercrime, warn researchers.
Locky also continues to feature as one of the world’s most prevalent forms of malware. It ranks as the second most common threat in Check Point’s index, accounting for six percent of all known attacks.
Ultimately, Locky, and other forms of ransomware, are successful for two reasons: the attacks are easy to carry out and victims are willing to pay to get their data back.
“Organizations are struggling to effectively counteract the threat posed by this insidious attack form; many simply don’t have the right defences in place, and may not have educated staff on how to recognise the signs of a potential ransomware attack in incoming emails. This, of course, only makes it even more attractive to criminals,” says Nathan Shuchami, head of threat prevention at Check Point.
Ransomware doesn’t show any signs of slowing down, and it’s likely to only become a bigger problem in 2017.
But with under a year since it first appeared, Locky ransomware is very much a newcomer to the malware scene, especially compared with the most common form of malware during November. That accolade goes to the Conficker worm, which despite being over eight years old, still accounted for 15 percent of all known attacks during the 30-day period.
Sality, a virus which allows remote operations and downloads of additional malware to infected systems in order to deliver furthers malicious payloads to others, was the third most common threat during November, accounting for five percent of all attacks.
While ransomware runs riot, it was the Ramnit banking Trojan which saw the largest increase in attacks during November, coming in at number six for its first appearance on Check Point’s list. The number of Ramnit infections has more than doubled since October, with those behind the malware using it to steal banking credentials, passwords, and other data from victims.
The Global Threat Index also details the most significant malware threats to businesses via mobile devices, with the HummingBad Android malware remaining the most common form of attack against mobile devices.
Second on the mobile threat list was Triada, a backdoor for Android which grants super-user privileges to downloaded malware and spoofs URLs, and third was by Ztorg, a Trojan which downloads and installs applications on the phone without the user’s knowledge.
Read more on cybercrime
- How Bitcoin helped fuel an explosion in ransomware attacks
- How to tell if your Android phone has the HummingBad malware [CNET]
- ‘Massive’ Locky ransomware campaign targets hospitals
- Ransomware: The smart person’s guide [TechRepublic]
- Ransomware-as-a-service allows wannabe hackers to cash-in on cyber extortion