Ransomware Dips but Remains 'Evolving Menace'
Microsoft detects a drop in ransomware encounters toward the end of 2016 but warns against growing complacent.
The good news is that ransomware seems to have peaked back in August 2016, according to data collected by Microsoft security researchers. The bad news is that attackers are resorting to craftier methods of ensnaring victims.
In a recent blog post from the Microsoft Malware Protection Center, the software giant's security experts noted that "after peaking in August, when 385,000 [ransomware] encounters were registered, ransomware encounters dropped almost 50 percent in September, and it has continued to decline."
At first blush it's an encouraging sign for overworked IT security specialists, but it's no reason to let one's guard down, cautioned the company.
Motivated by a potential payoff, attackers are pursuing new and more innovative ways to deposit ransomware on PCs and servers. According a Datto survey, small businesses in the U.S. lose $75 billion a year to ransomware. Although downtime accounts for much of that figure – often more than $8,500 per hour – some companies admitted to paying the ransom, which is no guarantee that the data will be returned.
"Cybercriminals are continually updating their wares. For instance, toward the end of 2016, we documented significant updates to the latest Cerber version," wrote Microsoft's bloggers. "These improvements in malware code are cascaded in attacks via ransomware-as-a-service, which provides a business model that makes the latest versions of ransomware available for cybercriminals in underground forums."
Describing the threat as an "evolving menace," Microsoft also warned attackers are using sneaker social engineering tactics to get victims to pay up.
Last year, most ransomware adopted a countdown timer to pressure users into paying the ransom immediately or risk losing their files for good. Cerber ransomware added an ominous twist when it arrived in March 2016 by delivering an audio message that demanded payment and CornCrypt incentivized victims to infect others by offering to decrypt their files if they spread the malware to their friends.
Cerber (20 percent) and Locky (16 percent) ruled the ransomware scene in 2016 based on the number of detections. Crowti (12 percent), Tescrypt (11 percent) and Teerac (9 percent) rounded out the top five. Regionally, the U.S. leads in ransomware encounters, followed by Italy and Russia.
Check Point today released its Global Threat Intelligence Trends Report for the second half of 2016, confirming that ransomware remains a major threat. Ransomware attacks doubled during the July-December timeframe, from 5.5 percent of all attacks to 10.5 percent, according to the computer security provider.
"The report demonstrates the nature of today's cyber environment, with ransomware attacks growing rapidly. This is simply because they work, and generate significant revenues for attackers," said Maya Horowitz, Threat Intelligence Group Manager at Check Point, in a statement. "Organizations are struggling to effectively counteract the threat: many don't have the right defenses in place, and may not have educated their staff on how to recognize the signs of a potential ransomware attack in incoming emails."
Image credit: Microsoft