CyberCrimeSecurity

Ransomware Attacks Show Threefold Increase In 2016

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.

Ransomware attacks developed significantly in 2016, both in prevalence and sophistication, making it the threat of the year for businesses worldwide.

Ramsomware attacks on businesses increased three-fold in 2016, equal to one every 40 seconds, according to Kaspersky Lab’s Story of the Year report.

62 new families of ransomware were introduced during the year, with the threat growing aggressively thanks partly to the rise of the ransomware-as-a-service business model, giving criminals who would otherwise lack the skills and resources to develop their own malware a way in to the industry.

“The classic ‘affiliate’ business model appears to be working as effectively for ransomware as it does for other types of malware,” said Fedor Sinitsyn, senior malware analyst at Kaspersky Lab. “Victims often pay up so money keeps flowing through the system. Inevitably this has led to us seeing new cryptors appear almost daily.”

cyber attack (2)

A growing threat

Ransomware developed significantly throughout 2016, becoming more sophisticated and tightening its hold on data and devices.

According to Kaspersky’s report, one in every five businesses worldwide suffered some kind of ransomware attack, with the education and retail and leisure sectors showing the highest rates of attack at 23 per cent and 16 per cent respectively. Worryingly, one  in five small businesses never got their files back after paying the ransom.

There were also new approaches to ransomware seen for the first time. One such example is disk encryption, where attackers encrypt or block access to all of a businesses files at once, rather than just a select few. The Dcryptor malware, also known as Mamba, went one step further and locked down the entire hard drive, with the attackers then able to brute-force passwords for remote access to a victims machine.

In addition, the Shade ransomware was able to actually change its approach to a victim mid-attack. For example, if the infected computer turned out to belong to a financial services firm, it would change tact by downloading and installling spyware instead of encrypting the files.

2016 has undoubtedly been the year of ransomware. Earlier in the year, ESET researchers warned that the UK was becoming a prime target for attack and a recent Malwarebytes study found that nearly 40 percent of enterprises around the world had been hit by ransomware in the previous 12 months.

Quiz: Are you a security pro?