2013 Saw 500 Percent Increase In Ransomware

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

European Cyber Crime Centre says it is tracking a number of strains as Symantec spies uptick in the malware

There was a massive rise in malware locking people out of their machines and asking for payments in 2013, with the infamous Cryptolocker highlighting the sophistication of the malicious software.

Ransomware rose by 500 percent compared with 2012, with a peak of 861,000 infections detected in November 2013, according to Symantec’s Internet Security Threat Report. Only 0.2 percent of all ransomware seen by the firm was Cryptolocker, but it was a step up in sophistication, using RSA 2048-bit encryption to stop people getting at their files.

Prior to Cryptolocker, the Reveton strain of ransomware was the nastiest threat in this niche of the dark markets. Yet Cryptolocker, which is believed to have been created in Russia or the old Eastern Bloc, took the level of sophistication up a notch, asking for hefty payments via Bitcoin, making transactions harder to track.

European cops chasing ransomware crooks

CryptoLocker

Troels Oerting, head of the European Cyber Crime Centre (EC3), said the group was tracking various forms of ransomware outside of Cryptolocker, including a particularly aggressive strain called Powerlocker, previously known as PrisonLocker.

“The new and threatening element of this ransomware is that it has entered the “Crime-as-a-Service” (CAAS) phase. This means it will be sold as an easy to use kit so the buyers don’t have to be very cyber savvy to use it,” Oerting told TechWeekEurope.

“This in return means that the number of criminals capable of deploying the ransomware will increase significantly.

“For the time being, Powerlocker is still in development phase. Apparently the programmer created so much publicity around it on various underground blogs that he might have been arrested (no confirmation yet). Still, it is assumed that this individual was not working alone so sooner or later it will be put into circulation.”

Symantec’s report also hailed 2013 as “the year of the mega data breach”. The total number of breached rose by 62 percent over 2012, to hit 253. Eight of those cases, including the epic hacks of US retailer Target and software giant Adobe, exposed more than 10 million identities each.

Most incidents, 87, were caused by hackers, with 72 the result of mistakes at the company.

The average number of identities exposed was 4.7 million. Retail, computer software and financial businesses accounted for 77 percent of all compromised identities.

 Are you a pedant on privacy? Try our quiz!

Read also :