“In 2016, ransomware grabbed headlines, and for good reason.”
Companies that are not proactively protecting themselves against ransomware attacks could pay for it in the short term.
A report by cybersecurity company Malwarebytes said ransomware distribution rates in 2016 grew by 267% between January and November. Ransomware was the leading attack strategy used against businesses, with the United States recording the most ransomware detections.
Ransomware is an attack where a malicious program will block people and companies out of their computers and systems until a sum of money is paid.
According to the Malwarebytes 2017 State of Malware Report [PDF], 2016 was an unprecedented year for cyber attacks. Established malware such as trojans, spyware and keyloggers gave companies headaches, but the dominant attack strategy was ransomware. In the last financial quarter of 2016, Malwarebytes discovered almost 400 different varieties of ransomware, thanks to an increase in the number of “ransomware-as-a-service” kits that, “take all the hassle out of digital thievery.”
“In 2016, ransomware grabbed headlines, and for good reason,” the report said. “While traditional malware such as banking Trojans, spyware, and keyloggers requires the cybercriminal to oversee multiple steps before revenue is delivered to their bank account, ransomware makes it a seamless, automated process.”
The data was gathered from just under one billion cumulative malware detections or incidences logged by Malwarebytes from June to November 2016. The report was focused on Windows and Android devices only, with both consumer and corporate environments under the microscope. Six threat categories were studied—ransomware, ad fraud malware, Android malware, botnets, banking trojans and adware.
Simplicity Is The Key Ingredient
As an attack strategy, ransomware is simple.
Once installed in a device such as a computer, smartphone or wearable—usually through a Trojan disguised as a legitimate file—the malware executes a denial-of-access attack and prevents an individual from using that device until a ransom is paid to unlock it.
The seamless simplicity of the malware is what appeals to cybercriminals, Malwarebytes said.
At the beginning of 2016, ransomware accounted for 18% of cyber threats. By November, the malware was responsible for 66% of all detected incidents. Almost 60% of the ransomware variants discovered in the last six months of 2016 were less than a year old.
The United States, which has a large population base of computer users, registered 32.51% of ransomware detections. In comparison, Asia—which also has a significant device and population base—logged 9.84% of detections.
Corporate America was a favorite avenue of attack, said Malwarebytes. A full 81% of ransomware detections in corporate environments came from North America. Conversely, 51% of detections in Europe came in home or consumer environments. On a global basis, 12.3% of all detections for enterprises were found to be ransomware compared to 1.8% on the consumer side.
The U.S. is favored by malicious actors, but Europe is the most ransomware-ridden continent, Malwarebytes said.
Forty-nine percent of ransomware detections came from European devices. Germany is second only to the U.S. in terms of impact from ransomware. Malwarebytes cites Germany as a target of malware authors. France, the United Kingdom and Spain are also vulnerable, although the Vatican City was an unsurprising recipient of the largest increase in malware variants—1,200% during the observed time period.
Ad fraud malware and botnets also gained prominence in 2016, Malwarebytes said.
The United States was the prime target of ad fraud with 68.5% in the last six months of 2016. Botnets—a common strain of malware for the last 10 years—capitalized on their notoriety thanks to the Internet of Things. A high-profile attack on the Dyn network in October traced back to connected devices. Asia was the prime breeding ground for botnets: 61.15% of detections were found on the continent.
Ransomware Is Growing At An Insane Rate
The prevalence of ransomware as a significant threat to companies was echoed in a similar report by SonicWall.
According to the 2017 SonicWall Annual Threat Report, ransomware attacks increased from 3.8 million in 2015 to 638 million in 2016. Ransomware was the payload of choice for malicious exploits, with a variety of industries hit during the year, SonicWall said.
“The reason for this increase was likely a perfect storm of factors, including the rise of ransomware-as-a-service (RaaS) and mainstream access to Bitcoin,” said SonicWall’s president and CEO Bill Conner, in a blog post. “Another reason might simply be that as cybersecurity teams made it difficult for cyber criminals to make money in other ways, they had to look for a new paycheck.”