The number of people conned on the internet is at its peak

The number of people conned on the internet is on the rise. According to the Kaspersky Lab quarterly IT threat evolution report (Q3), the number of users who encountered encrypting ransomware doubled reaching 821 865 people.

“Crypto ransomware continues to be one of the most dangerous threats, both to private users and to businesses. The recent jump in the number of attacked users may have been provoked by the fact that the number of modifications of ransomware we detected in Q3 – more than 32 thousand modifications – was 3.5 times more than in Q2. This may be due to the fact that security companies nowadays invest a lot of resources into being able to detect new samples of ransomware as fast as possible. Criminals must therefore avoid detection by creating more new modifications of their malware,” said Fedor Sinitsyn, ransomware expert at Kaspersky Lab.

Encrypting ransomware – malware that encrypts a victim’s files and demands a ransom in exchange for file decryption – is still one of the most widespread types of activity which modern cybercriminals are involved in. It has a relatively low development cost and can yield a potentially high income if it results in successful infection.

Besides increasing their number of people conned on the internet, criminals are also exploring new geographies. In Q3 the top five countries with the highest percentage of users attacked with encrypting ransomware were: Japan (4.83%), Croatia (3.71%), South Korea (3.36%), Tunisia (3.22%) and Bulgaria (3.2%). In the previous quarter, first place was held by Japan, while the second, third and fourth were held by Italy, Djibouti and Luxembourg. These three countries left the top five in Q3 to give way to others.

The main driver of growth in the number of attacked users was Trojan-Downloader.JS.Cryptoload – a family of downloaders written in the JavaScript language and capable of downloading different families of crypto ransomware. The most widespread of these in Q3 included CTB-Locker (28.34% of attacked users), Locky (9.6%) and CryptXXX (8.95%).

Leave a reply

Your email address will not be published. Required fields are marked *