Ransomware – a brief introduction
Ransomware is one of the most widespread and damaging threats that internet users
face. Since the infamous CryptoLocker first appeared in 2013, we’ve seen a new era of
file-encrypting ransomware variants delivered through spam messages and Exploit Kits,
extorting money from home users and businesses alike.
The current wave of ransomware families can have their roots traced back to the early
days of Fake AV, through “Locker” variants and finally to the file-encrypting variants that are
prevalent today. Each distinct category of malware has shared a common goal – to extort
money from victims through social engineering and outright intimidation. The demands for
money have grown more forceful with each iteration.
And the financial consequences can be severe. The Hollywood Presbyterian Medical Center
reportedly paid 40 Bitcoins ($17,000) to regain access to its files, while the Kansas Heart
Hospital despite paying an undisclosed sum, was faced with a second ransom demand and
not given access to all of its files.
McAfee Labs discovered nearly 1.2 million ransomware attacks during the first
quarter of 2016, a 24 percent increase compared to the fourth quarter of 2015
A Kaspersky study during 2014 and 2015 found that total ransomware attacks
during the period of the analysis increased by 17.7 percent, but that cryptoware
variants had increased by 448 percent during that period
A US government interagency document published by the US Department of
Justice in 2016 reported that in excess of 4,000 ransomware attacks have
occurred each day since the first of the year, a 300 percent increase compared to 2015
Attackers receive an estimated 1,425 percent return on investment for exploit kit
and ransomware schemes ($84,100 net revenue for each $5,900 investment),
according to the 2015 Trustwave Global Security Report.