Q2 shows ransomware proliferation, Kaspersky warns

Ransomware modifications have more than doubled in the past year, the number of ransomware families has grown, and the number of attempted infections is up nearly 50%

Researchers at security firm Kaspersky detected 16,017 ransomware modifications in the second quarter of the year – more than double the detections for the same period a year ago.

The new ransomware modifications, which included samples from eight new malware families, are among the key findings of the security firm’s latest quarterly cyber threat evolution report.

The increase in ransomware modifications and the appearance of new families is a dangerous sign that criminal activity is intensifying, with new malware versions emerging, the researchers said.

The report comes just days after the Texas Department of Information Resources (DIR) confirmed that it was leading a response to a co-ordinated ransomware attack against 23 mainly local government entities across Texas.

The attack, which began on 16 August, appears to have come from a single threat actor, but investigations into the origin of this attack are ongoing, according to an advisory released at the weekend.

Ransomware targeting smaller local government entities has proven to be profitable in recent months, encouraging further attacks of this kind, according to Corin Imai, senior security advisor at DomainTools.

“Another element granting popularity to this type of attacks is that they are relatively low cost and easy to pull off, especially when the target isn’t a large enterprise with the resources to protect its entry points, patch regularly and train its employees on email hygiene best practices,” she said.

The Kaspersky threat report also shows that the second quarter experienced a high number of ransomware infection attempts, with 232,292 unique users targeted. This represents a 46% increase compared with the same period a year ago.

The report highlights that WannaCry was the ransomware family responsible for the most attacks in the second quarter, accounting for 23.4% of cases despite the existence of a Microsoft Windows patch that was released two months before the widespread and destructive attacks of 2017.

Another major actor was GandCrab with a 13.8% share, despite its creators announcing that GandCrab was not going to be distributed from the second half of the quarter.

“In this quarter, we observed an increase in the number of new ransomware modifications, even though the GandCrab family closed down in early June,” said Fedor Sinitsyn, security researcher at Kaspersky.

“The GandCrab ransomware family has long been one of the most popular cryptors among cyber criminals. For more than 18 months, it has stayed in the list of the most rampant ransomware families we detect, but even its decline did not lower the statistics, as there are still other numerous widespread Trojans.

“The GandCrab case is a good illustration of how effective ransomware can be, with its creators stopping their malicious activity after claiming they made a tremendous amount of money by extorting funds from their victims. We expect new actors to replace GandCrab and urge everyone to protect their devices by installing software updates regularly and choosing a reliable security solution,” he said.

To reduce the risk of ransomware infection, Kaspersky advises keeping operating systems up to date to eliminate recent vulnerabilities; using a robust security solution with updated databases; refusing to pay ransom demands and looking for a decryptor from No More Ransom instead; and keeping backup copies of files up to date to replace any encrypted data.
