sb-au logo
Story image

Ransomware modifications double year-on-year in Q2 2019 - Kaspersky

26 Aug 2019

Kaspersky researchers detected 16,017 new ransomware modifications in Q2 2019 – including ones belonging to eight new malware families.

This is more than double the number of new samples detected a year ago, in Q2 2018 (7,620).

The Kaspersky IT Threat Evolution Q2 2019 report also highlights that more than 230,000 users were attacked during the quarter, along with other key findings.

A Trojan-Ransom can be equally successful in both private and corporate attacks, as its functionality is simple yet highly effective.

These Trojans encrypt files on a user’s computer and demand a ransom for the files to be released. The increase in malicious modifications and the appearance of new families is a dangerous sign that criminal activity is intensifying, with new malware versions emerging.

The second quarter of the year experienced a high number of infection attempts.

According to Kaspersky data, 232,292 unique users were targeted by such attacks – 46% more than a year ago, in Q2 2018 (158,921).

The countries with the largest share of attacked users were Bangladesh (9%), Uzbekistan (6%) and Mozambique (4%).

The ransomware family that attacked users most often in Q2 2019 (23.4% cases) was still WannaCry. Even though Microsoft released a patch for its operating system to close the vulnerability exploited by the ransomware two months prior to the start of the widespread and destructive attacks two years ago, it still remains in the wild.

Another major actor was Gandcrab with 13.8% share, despite its creators announcing that GandCrab wasn’t going to be distributed from the second half of the quarter.

Kaspersky security researcher Fedor Sinitsyn says, “In this quarter we observed an increase in the number of new ransomware modifications, even though the Gandcrab family closed down in early June. The GandCrab ransomware family has long been one of the most popular cryptors amongst cybercriminals.

“For more than 18 months it has stayed in the list of the most rampant ransomware families we detect, but even its decline did not lower the statistics, as there are still other numerous widespread Trojans.

Sinitsyn adds, “The GandCrab case is a good illustration of how effective ransomware can be, with its creators stopping their malicious activity after claiming they made a tremendous amount of money by extorting funds from their victims.

“We expect new actors to replace GandCrab and urge everyone to protect their devices by installing software updates regularly and choosing a reliable security solution.”

To reduce the risk of infection, Kaspersky advises private users to:

  • Always update your operating system to eliminate recent vulnerabilities and use a robust security solution with updated databases
  • Not pay the ransom if you find your files have been encrypted with cryptomalware. This will only encourage cybercriminals to continue and infect more people’s devices. It is better to find a decryptor on the internet – some are available for free.
  • Always have fresh backup copies of your files, so you can replace them in case they are lost (e.g. due to malware or a broken device) and store them not only on the device but also in cloud storage for greater reliability.

Other report findings include:

  • Kaspersky detected and repelled 717,057,912 malicious attacks from online resources located in around 200 countries and territories around the world (26% decrease compared to Q2 2018)
  • Attempted malware infections that aim to steal money via online access to bank accounts were registered on 228,206 user computers (six percent growth compared to Q2 2018)
  • Kaspersky’s antivirus file detected a total of 240,754,063 unique malicious and potentially unwanted objects (25% growth compared to Q2 2018)

Kaspersky mobile security products also detected 753,550 malicious installation packages (57% decrease compared to Q2 2018)

Story image
Trend Micro reveals misconfigurations are No. 1 cause of cloud security issues
The company says it identifies 230 million misconfigurations on average each day – proof, it says, that this risk is prevalent and widespread.More
Story image
Mentorship key to bringing women into cybersecurity - Microsoft
“Diverse teams make better and faster decisions 87% of the time compared with all male teams, yet the actual number of women in our field fluctuates between 10 and 20%. What ideas have we missed by not including more women?”More
Story image
Interview: ManageEngine's VP says legacy remote solutions aren't cutting it
Techday spoke with ManageEngine vice president Rajesh Ganesan on the company’s solutions to the rapid changes and issues facing workforces around the globe as millions upon millions pack up their offices and work from home.More
Story image
All the winners from Microsoft's 20/20 security awards
Security partners across 16 categories were recognised at the inaugural 20/20 partner awards.More
Story image
Data is more valuable to cyber attackers than cash - report
Data theft was the goal of more than half of all attacks in 2019, according to PT. This is a 20 percentage point increase compared to 2018 when data theft was the goal of only 30% of incidents. More
Story image
Glenn Maiden to lead FortiGuard Labs A/NZ as director of threat intelligence
Maiden will focus specifically on threat intelligence sharing for organisations across A/NZ, so that those organisations may protect their businesses from existing and emerging cyber threats.More