Over 120 unique families are now in existence, driving a 3,500 percent rise in campaign usage.
Ransomware is on the rise because it provides hackers with very large amounts of profit for relatively little effort. Infecting PCs can be done simply using a number of new ransomware “kits” offered on the dark web and the returns make for a lucrative investment.
Ransomware is a comparatively new form of malware that encrypts all the files you’ve stored on your computer. It then demands a payment, usually in the untraceable Bitcoin cryptocurrency, to release the encryption key necessary to regain access to the files. Ransoms can vary from a few hundred dollars to figures in the tens of thousands.
The code required to build ransomware is readily available online. There is also established infrastructure that allows attackers to host and maintain ransomware campaigns, ensuring they are able to keep infecting a steady stream of users.
A total of 124 distinct ransomware applications have been identified to date, security researcher Bart Parys told the BBC. Parys maintains a list of known ransomware utilities and campaigns. He said that while many programs are created by established groups, ransomware is increasingly being used by inexperienced cybercriminals too. These are usually running less sophisticated campaigns generate money in shorter periods of time.
Despite the rise in usage, ransomware is not growing significantly more sophisticated. Instead, attackers are said to be putting more effort into infecting victims, developing advanced phishing campaigns and infected file downloads that trick users into running seemingly benign applications.
Once ransomware is installed, it is typically very difficult for a user to remove. Ransomware utilities hook into system files to ensure they always run at start-up, locking access to your files until you pay up. Decrypting files without the encryption key is virtually impossible, although tools have been created for the most prolific ransomware campaigns.
Last month, one of the most popular ransomware applications, TeslaCrypt, unexpectedly closed down. The developer appears to have abandoned the project and has released the master decryption key online, enabling infected users to recover their files for free.
The reasoning for the unexpected move remains unclear but it is unlikely that other campaigns are going to follow suit. As cybercriminals become more experienced with using ransomware, it’s likely the number of attacks will increase further still. More platforms are likely to be affected too, including Mac and Linux PCs and mobile devices.
Security firms are continuing to investigate ways to lower the threat of ransomware and help to protect PC users who have little in the way of support. Ransomware is one of the fastest growing strains of malware ever, infecting everything from individual users to hospitals and businesses. You can protect yourself against ransomware by following security best practices such as avoiding less reputable download sites and ignoring spam emails.
