Ransomware rush fades, but the threat still exists

According to the new F-Secure company report, the number of ransomware attacks in 2017 increased by over 400% compared to the previous year. The increase was caused by cumulative, global cyber attacks using WannaCry, which accounted for as many as 9 out of 10 of all detections. Cyberthreats resulting from other types of ransomware have lost their frequency, which can be interpreted as a change in the use of this tool by hackers.

The Changing State of Ransomware report shows that the dominant types of ransomware throughout the world are also Locky, Cryptolocker and Cerber, in addition to the WannaCry mentioned above. In Poland, in May and December 2017, Cerber (31%), Locky (30%) and WannaCry (25%) were among the most popular types.

F-Secure statistics ransomware

Sean Sullivan, security advisor at F-Secure, says the ransom software has lost interest, especially in the beginner hackers:

Several new types of ransomware have developed over the course of several years. However, in the last months of 2017, we have seen a significant reduction in the activity of cybercriminals using this type of malicious software. It seems that the gold rush has come to an end, but the threat still exists because the scale of WannaCry's attacks made hackers aware of how vulnerable companies are

WannaCry Ransomware

According to the report, ransomware can evolve towards attacks focused on corporations, for example through unprotected RDP ports . The SamSam ransomware is well-known for using this omission. The attack has infected many American organizations this year, and last month the IT systems belonging to the city of Atlanta have fallen victim to this attack.

There are many factors that affect the approach of cybercriminals to ransomware.

Probably the price of bitcoin is the most important because thanks to it, digging cryptocurrencies has become much more profitable for cybercriminals and probably less risky. The reason may also be falling revenues, because the awareness of threats has encouraged many users to regularly backup. Another important factor is the decrease in the "reliability" of hackers when it comes to fulfilling the promises of data decryption. However, it should be remembered that cybercriminals will take every possible opportunity and re-use ransomware if the conditions are right for them

- Sullivan sums up.


Add new comment

The content of this field is kept private and will not be shown publicly.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.