According to the latest figures from Kaspersky Lab, there are now more than 323,000 new malware samples being released every day: an increase of 13,000 per day compared to last year and 253,000 more malicious files per day than in 2011. Kaspersky Lab’s cloud database now contains the signatures for more than 1 billion forms of malware.
The massive rise in new forms of malware is due to more sophisticated means of creating it. Malware developers are now able to generate brand new forms of malware automatically using sophisticated production software.
Ransomware too has proliferated in 2016. This month, Kaspersky Lab reports that 62 new ransomware families have appeared so far in 2016, and new modifications to those ransomware families have increased substantially throughout the year. In Quarter 1, Kaspersky Lab detected 2,900 ransomware modifications. However, by Q3 there had been an 11-fold increase with more than 32,091 modifications detected. By the end of October, 44,287 new ransomware modifications had been detected.
Those ransomware variants are now used to attack businesses and individuals with increasing frequency. Figures for Q1 2016 show that an individual was attacked every 20 seconds and a business every 2 minutes on average. By Q3, individuals were being attacked every 10 seconds and businesses every 40 seconds.
Locky ransomware has fast become one of the biggest threats, but it is not responsible for the most infections. CTB-Locker is still the main ransomware variant and accounts for more than a quarter of ransomware infections. Locky is in second place with 7%, followed by TeslaCrypt on 6.5%, although TeslaCrypt was cracked and was active only until May 2016. Scatter, Cryakl, and CryptoWall account for between 2% and 3% each, with Shade, Crysis, Cryrar, and Snocry making up the remainder of the top 10.
The ransomware epidemic is a major problem, although there has been some good news in 2016. Fortunately, major ransomware variants have been cracked and free decryptors released through the No More Ransom Project. Decryptors now exist for Chimera, TeslaCrypt, Shade, Rannoh, Rakhni, CoinVault, and Wildfire. Unfortunately, cybercriminals are keeping one step ahead and there is no end in sight to the ransomware epidemic.
One in five businesses have now experienced a ransomware attack, 42% of SMBs were attacked with ransomware in the past 12 months, and 32% were forced to pay a ransom due to the inability to recover files from backups. Recovering files that have been encrypted has proved problematic. 67% of companies have lost part or all of their corporate data to ransomware, and one in four has spent weeks trying to recover files.
Businesses are threatened with data loss if they do not pay the ransom demand, but making a payment is no guarantee that data can be recovered. Kaspersky Lab reports that one in five businesses that paid their attackers were not able to recover their data.
The message to all organizations is to ensure that multiple backup copies of data exist, that they are stored on air-gapped machines or in the cloud, and that a host of ransomware defenses are deployed to prevent the malicious software from being installed in the first place.