New ransomware modifications increase 14%

Kaspersky Lab detected 2,896 new ransomware modifications during the first quarter, which is an increase of 14 percent on the previous quarter. In addition, the number of attempted ransomware attacks increased by 30 percent.

Locky and Petya

One of the most famous and widespread ransomware in Q1, 2016 was Locky. Kaspersky Lab detected attempts to infect users with this Trojan in 114 countries, and as of early May 2016 it remains active.

Another ransomware called Petya was interesting from a technical perspective because of its ability not only to encrypt data stored on the computer, but also to overwrite the hard disk drive’s master boot record (MBR), leaving infected computers unable to boot into the operating system.

Top ransomware families

According to Kaspersky Lab detections the top three ransomware families in Q1 were: Teslacrypt (58.4%), CTB Locker (23.5%), and Cryptowall (3.4%). All three propagate mainly through spam emails with malicious attachments or links to infected web pages.

“One of the reasons why ransomware has become so popular lies in the simplicity of the business model used by cybercriminals. Once the ransomware gets into the users’ system there is almost no chance of getting rid of it without losing personal data. Also, the demand to pay the ransom in bitcoins makes the payment process anonymous and almost untraceable which is very attractive to fraudsters. Another threatening trend is the Ransomware-as-a-Service (RaaS) business model where cybercriminals pay a fee for the propagation of malware or promise a percentage of the ransom paid by an infected user,” says Aleks Gostev, Chief Security Expert in the Global Research and Analysis Team.

There is a further reason for the rise in ransomware attacks: users believe the threat is unbeatable. Businesses and individuals are not aware of the technology countermeasures that could help to prevent infection and the locking of files or systems; and by ignoring basic IT security rules they allow cybercriminals and others to profit.

Alongside an overview of the major ransomware outbreaks, Kaspersky Lab has counted the overall level of threats in Q1 2016 globally.

Malware landscape in Q1 2016

• 21.2 percent of Internet users faced web-based attacks at least once, which is 1.5 percentage points lower than in Q4, 2015.
• Kaspersky Lab solutions protected 459,970 users from cybercriminals’ fraudulent attempts to access online banking services and steal their money. This is a 23 percent decrease compared with the previous quarter.
• Cybercriminals continued to use vulnerabilities in Adobe Flash Player, Internet Explorer and Java to propagate malware. Less frequently, they used exploits for Java – according to our statistics this has decreased by 3.3 percentage points on Q4, 2015 and equals 8% of overall exploit statistics for Q1. The same statistics registered an increased use of vulnerabilities in Flash (a rise of 1 percentage point which is 6% in total) and Microsoft Office (an increase of 10 percentage points which is 15% in total).

Major mobile threats during Q1 2016

• The share of adware in overall mobile threats in Q1 equals 42.7 percent which made adware the leading mobile threat. We observed a 13 percentage point increase on the previous quarter.
• 4,146 new mobile Trojans were detected which is 1.7 times more than in the previous quarter. Also, the number of detected SMS Trojans continues to increase.
• The number of new mobile ransomware has increased 1.4 times, from 1,984 in Q4,2015 to 2,895 in Q1,2016.
• China became the most attacked country: 40 percent of Kaspersky Lab security solutions users in this country have faced a mobile threat. Also on this list are Bangladesh (28%) and Uzbekistan (21%). On the other hand, the safest countries were Taiwan (2.9%), Australia (2.7%) and Japan (0.9%).