Ransomware modifications double in a year


Researchers from Kaspersky have discovered 16 017 new ransomware modifications in Q2 2019, some of which belong to eight new malware families. 

According to the security giant, this is more than double the number of new samples detected a year ago. The company’s IT Threat Evolution Q2 2019 report also revealed that over 230 000 users were attacked during this quarter, 46% more than the same period last year.

Fedor Sinitsyn, security researcher at Kaspersky, says a Trojan-ransom works well for both private and corporate attacks as its functionality is simple yet highly effective. 

“These Trojans encrypt files on a user’s computer and demand a ransom for the files to be released. The increase in malicious modifications and the appearance of new families is a dangerous sign that criminal activity is intensifying, with new malware versions emerging,” he says.

The second quarter of the year saw a high number of infection attempts. According to Kaspersky data, the countries with the largest share of attacked users were Bangladesh (9%), Uzbekistan (6%) and Mozambique (4%).

WannaCry remained the top culprit in terms of the ransomware family that attacked the most users, despite a patch being released for the Windows operating system over two years ago. GandCrab is popular too with 13.8% share, despite its creators announcing that it wasn’t going to be distributed from the second half of the quarter.

“In this quarter we observed an increase in the number of new ransomware modifications, even though the GandCrab family closed down in early June,” adds Sinitsyn. “The GandCrab ransomware family has long been one of the most popular cryptors among cyber criminals. For more than 18 months it has stayed in the list of the most rampant ransomware families we detect, but even its decline did not lower the statistics, as there are still other numerous widespread Trojans.”

The increase in malicious modifications and the appearance of new families is a dangerous sign that criminal activity is intensifying, with new malware versions emerging.Fedor Sinitsyn, security researcher at Kaspersky

He says GandCrab is a good illustration of how effective ransomware can be, with its authors stopping their malicious activity after claiming they had made a killing by extorting funds from their victims. 

“We expect new actors to replace GandCrab and urge everyone to protect their devices by installing software updates regularly and choosing a reliable security solution,” he added.

To lower the chance of infection, Kaspersky advises private users to always update their operating systems to remove recent vulnerabilities, and to use of a robust security solution with updated databases.

In addition, it advises users who fall victim to never pay the ransom, as it will only encourage attackers to continue and infect more people’s devices. 

Instead of paying the ransom, look for a decryptor on the Internet – No More Ransom has several available for free. 

“Finally, always have fresh backup copies of your files, so you can replace them in case they are lost, and store them not only on the device but also in cloud storage for greater reliability.”