Crypto Ransomware Officially Eclipses Screen-Blocker Ransomware

Encryption malware represented 54 percent of all ransomware in April compared to barely 10 percent a year ago, Kaspersky Lab found.

If the near-daily vendor reports are not enough indication already of the surging growth in ransomware infections in recent times, Kaspersky Lab has some new statistics to back it up.

Using anonymized data gathered from users of its security products, researchers from Kaspersky Lab tried to identify how many of them had encountered ransomware at least once over the past 12 months, and what type of ransomware was involved with each of those infections.

For purposes of the report, the company included screen-blocker malware as well as encryption malware in its definition of ransomware.

The data analysis showed a sharp increase in ransomware infections compared to the year before. The total number of users hit by ransomware jumped 17.7%, from 1.97 million users between April 2014 and March 2015 to around 2.32 million over the same period in the following 12 months.

Much of the growth came from the proliferation of encryption malware. The number of users hit with cryptos surged more than five-fold — from 131,111 between 2015 and 2016 to 718,536, even as the number of people hit with Win-lockers fell more than 13% percent, from 1.8 million to a shade under 1.6 million in the same period.

The increase in the overall number of people encountering ransomware as well the growing use of crypto tools instead of screen blockers spell trouble for users, Kaspersky Lab said in its report.

“The biggest difference between the two types of ransomware: blockers and encryption ransomware is that blocker damage is fully reversible,” the report noted. “Even in the worst case scenario, the owner of an infected PC could simply reinstall the OS to get all their files back.”

In contrast, encryption ransomware gives users little option but to pay up because encrypted files are almost always irrecoverable without a decryption key. The money to be made from such malware is driving the increased use of encryption malware, Kaspersky Lab said.

As recently as April 2015, crypto ransomware accounted for barely 10% of all ransomware infections. Even in October 2015, when an unprecedented 428,000 users were infected with ransomware, only about 9.38% of the victims encountered encryption ransomware.

All that has changed, however, in recent months. Numbers from a surge in ransomware attacks in March show that more than half involved the use of crypto malware, mostly associated with the TeslaCrypt campaign, according to Kaspersky Lab. In April this year, encryption malware accounted for 54% of all ransomware.

A small handful of ransomware samples are responsible for most of the problems caused by crypto-malware. Leading the pack are samples like CryptoWall, Cryaki, TorretLocker, and CTB-Locker, Kaspersky Lab said.

The security vendor’s report comes amid signs of growing corporate worry over the trend.

In a survey of 1,138 companies from various industries conducted by KnowBe4, 79% say they are highly concerned about ransomware attacks. Two-thirds claim to know someone that had been victimized by ransomware, compared to 43% who said the same thing two years ago.

The survey showed that mid-sized companies with between 250- and 1,000 employees tend to get hit harder than large and small businesses.

Related Content:

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year … View Full Bio

More Insights