Crypto-ransomware attacks hit over 700,000 users in one year

Kaspersky Lab found a drastic increase in encryption ransomware attacks, with 718,536 users hit between April 2015 and March 2016. This is an increase of 5.5 times compared to the same period in 2014-2015, showing that crypto-ransomware has become an epidemic.

Key findings

• The total number of users encountering any type of ransomware between April 2015 and March 2016 increased by 17.7% compared to the period April 2014 to March 2015 – from 1,967,784 to 2,315,931 users around the world
• The number of users attacked with crypto-ransomware rose 5.5 times, from 131,111 in 2014-2015 to 718,536 in 2015-2016
• The share of users encountering ransomware at least once as a proportion of the total number of users encountering malware rose 0.7 percentage points, from 3.63% in 2014-2015 to 4.34% in 2015-2016
• The share of users encountering crypto-ransomware as a proportion of those encountering ransomware rose dramatically – up 25 percentage points, from 6.6% in 2014-2015 to 31.6% in 2015-2016
• The number of users attacked with blockers (ransomware that locks screens) decreased by 13.03%, from 1,836,673 in 2014-2015 to 1,597,395 in 2015-2016
• The United States, Germany, and Italy are the countries with the highest percentage of users attacked with encryption ransomware.

“The biggest problem with crypto-ransomware today is that sometimes the only way to get the encrypted data back is to pay the criminals, and victims tend to pay. That brings a lot of money into the underground ecosystem that has grown up around this malware, and as a result we are seeing new cryptors appear almost daily,” said Fedor Sinitsyn, senior malware analyst at Kaspersky Lab. “Companies and regular users can protect themselves by implementing regular backups, using a proven security solution and keeping themselves informed about current cybersecurity risks. The ransomware business model seems to be profitable and safe for criminals, and the security industry and users can change that just by implementing these basic measures,” he added.

Ransomware protection tips for consumers

• Use a reliable security solution. When using it do not turn off the advanced security features which it most certainly has. Usually these are features that enable the detection of new ransomware based on its behavior.
• Back-up is a must. The sooner back-up becomes yet another rule in your day-to-day PC activity, the sooner you will become invulnerable to any kind of ransomware.
• Keep the software on your PC up-to-date. Most widely-used applications (Flash, Java, Chrome, Firefox, Internet Explorer, Microsoft Office) and operating systems (like Windows) have an automatic updates feature. Keep it turned on, and don’t ignore requests from these applications for the installation of updates.
• Keep an eye on files you download from the Internet and receive via email, especially from untrusted sources. Make sure downloaded content has the right extension and has successfully passed the checks run by the protection solution on your PC.
• If, for some reason your files are encrypted with ransomware and you are asked to a pay a ransom, don’t pay. Look to see if a decryption tool has been created for the kind of ransomware you’ve been attacked with and also report the attack to police in order to start an investigation.

Ransomware protection tips for businesses

• Use a reliable, corporate-grade security solution and undertake regular patch management.
• Make sure to back up files often. If it is technically impossible to back-up all the files you have in the corporate network, choose the most critical (accounting documents, clients’ data, legal documents etc.), isolate them and back-up regularly.
• Educate your personnel: very often the ransomware infection happens due to a lack of knowledge about common cyberthreats and the methods criminals use to infect their victims.
• Avoid paying a ransom and report the attack to police.