This year has seen an unprecedented number of ransomware attacks on US businesses. Healthcare providers have also been targeted, with medical services heavily disrupted as a result of ransomware infections.
A recent report issued by Infoblox has confirmed the extent of the current ransomware epidemic and how much of a risk the malicious file-encrypting software poses for businesses.
In the first quarter of the year alone, the number of domains that were being used to distribute ransomware jumped by an astonishing 3500%.
The figures suggest that the majority of new domains that have been discovered to be spreading malware are being used to spread ransomware, rather than Trojans and spyware. Those domains are now being used for ransomware attacks on US businesses, rather than attacks on consumers. That is where the money is, and that is where cybercriminals' efforts are concentrated.
A consumer may pay a $500 ransom to unlock personal files on an encrypted computer; however, since the latest ransomware variants are capable of spreading laterally from an infected machine to other networked devices, ransomware attacks on US businesses are much more profitable. If an attacker succeeds in infecting multiple computers, the ransom payment can be considerable.
Ransomware attacks on US businesses are conducted because they are profitable, and until that changes, the attacks will continue. The actors behind the ransomware attack on Hollywood Presbyterian Medical Center in February were paid $17,000 to supply the keys to unlock the encryption. However, the ransom demands can be considerably higher.
The report indicates the biggest threat is Locky ransomware. Locky was first discovered in February this year, but has since become one of the biggest threats. Locky ransomware is spread via exploit kits and malicious spam emails, and it was reportedly the ransomware variant behind the Hollywood Presbyterian Medical Center attack. No decryptor has been released to deal with a Locky ransomware infection to date.
While ransomware and malware are now being developed at an alarming rate, the biggest category of malicious domains is exploit kits. New malicious websites containing exploit kits account for 50% of all malicious domains added to the Infoblox DNS Threat Index.
Exploit kits are also being used to distribute ransomware, with Locky added to the Angler exploit kit, the most popular exploit kit currently in use according to the Infoblox report.
With malicious domains increasing and massive spam email campaigns being conducted to spread ransomware infections, any organization that has yet to implement defenses against ransomware infections could end up paying the price.