Ransomware modifications double year-on-year in Q2 2019

News by Mark Mayne

Ransomware threats continue to evolve at an accelerated rate, according to security researchers

Far from being a spent force, ransomware threats are very much on the charge, according to new figures that show a doubling of new samples over the same time last year. 

Kaspersky researchers detected 16,017 new ransomware modifications in Q2 2019, including eight entirely new malware families. That is more than double the number of new samples detected a year ago, in Q2 2018 (7,620). In addition, more than 230,000 users were attacked during the quarter, 46 percent more than a year ago, in Q2 2018 (158,921).

"It’s too early to say that this is a trend," noted David Emm, principal security researcher at Kaspersky.

"In the period of 2015 - 2017, the number of ransomware variants rose to the point where we were seeing hundreds of thousands of modifications each month. However, in 2018 we started to see a marked drop in numbers – both in terms of new modifications being created and in terms of attacks blocked on customer devices," Emm told SC Media UK.

The number of people who encountered ransomware in 2017-2018 fell by almost 30 percent compared to 2016-2017. However, this does not indicate that ransomware is going away, said Emm.

"In the same period, we saw a shift away from ransomware attacks on individuals towards targeted attacks on businesses – something that can be much more lucrative for cybercriminals. The drop in numbers is less to do with companies and individuals implementing sound backup practices than in a ‘less is more’ strategy of targeting businesses. While it’s worrying to see an increase in modifications and the number of people attacked in Q2 2019, this doesn’t necessarily mark a trend," he explained.

Felix Rosbach, product manager at comforte AG, told SC Media UK that ransomware does indeed remain a force to be reckoned with. 

"While a lot of companies are aware of ransomware and develop strategies to prevent attacks and recover quickly, it still is a very effective attack. Even with having a sophisticated backup strategy in place, the costs and resources needed to do a complete rollback after a successful ransomware attack can be higher than paying the ransom. Even if sending payments to attackers is never a good idea, the increase of modifications and ransomware-as-a-service offerings in the dark web shows that there still is a market with some companies willing to pay the ransom to continue their business," said Rosbach.

According to the Kaspersky IT Threat Evolution Q2 2019 report, the most active ransomware family encountered by users in Q2 2019 is still WannaCry (23.4 percent of cases), in spite of the vulnerability being patched by Microsoft months before the global attacks two years ago. This implies that older and unpatched systems are still particularly vulnerable, a fact reflected in the countries with the largest share of attacked users: Bangladesh (9 percent), Uzbekistan (6 percent) and Mozambique (4 percent).

"Not only have ransomware attacks been growing, but the amounts they have been demanding have been getting higher, and there has been more specific targeting of victims," said Paul Edon, senior director (EMEA) at Tripwire.

"Recently a Florida city agreed to pay US$600,000 (£500,000) in ransomware after being affected. This rise in ransomware modifications might be a direct result of how profitable these attacks can be. After all, cybercrime in general – and ransomware in particular – is motivated by monetary gain," Edon told SC Media UK.

Prevention is important when it comes to ransomware, as recovery from backups is not a cheap option for many cities and enterprises, he said. 

"With many infections spreading through phishing, training users to be able to spot and report suspected attempts is the first line of defence before technical controls." 
