Kaspersky
researchers detected 16,017 new ransomware modifications in Q2 2019 - including
ones belonging to eight new malware families. According to the company's IT
Threat Evolution Q2 2019 report, this is more than double the number of new
samples detected a year ago, in Q2 2018 (7,620).
A Trojan-Ransom can be equally
successful in both private and corporate attacks, as its functionality is
simple yet highly effective. These Trojans encrypt files on a user's computer
and demand a ransom for the files to be released. The increase in malicious
modifications and the appearance of new families is a dangerous sign that
criminal activity is intensifying, with new malware versions emerging.
The second quarter of the year
experienced a high number of infection attempts. According to Kaspersky data,
232,292 unique users were targeted by such attacks - 46% more than a year ago,
in Q2 2018 (158,921). The countries with the largest share of attacked users
were Bangladesh (9%), Uzbekistan (6%) and Mozambique (4%).
The ransomware family that
attacked users most often in Q2 2019 (23.4% cases) was still WannaCry. Even
though Microsoft released a patch for its operating system to close the
vulnerability exploited by the ransomware two years ago, it still remains in
the wild. Another major actor was Gandcrab with 13.8% share, despite its creators
announcing that GandCrab wasn't going to be distributed from the second half of
the quarter.
"In this quarter we observed an
increase in the number of new ransomware modifications, even though the
Gandcrab family closed down in early June," said Fedor Sinitsyn, security
researcher at Kaspersky. "The GandCrab ransomware family has long been one of
the most popular cryptors amongst cybercriminals. For more than 18 months it
has stayed in the list of the most rampant ransomware families we detect, but
even its decline did not lower the statistics, as there are still other
numerous widespread Trojans. The GandCrab case is a good illustration of how
effective ransomware can be, with its creators stopping their malicious
activity after claiming they made a tremendous amount of money by extorting
funds from their victims. We expect new actors to replace GandCrab and urge
everyone to protect their devices by installing software updates regularly and
choosing a reliable security solution."
Other
report findings include:
- Kaspersky detected and repelled 717,057,912 malicious
attacks from online resources located in around 200 countries and
territories around the world (26% decrease compared to Q2 2018)
- Attempted malware infections that aim to steal money
via online access to bank accounts were registered on 228,206 user
computers (six percent growth compared to Q2 2018)
- Kaspersky's antivirus file detected a total of
240,754,063 unique malicious and potentially unwanted objects (25% growth
compared to Q2 2018)
- Kaspersky mobile security products also detected
753,550 malicious installation packages (57% decrease compared to Q2 2018)
To
reduce the risk of infection, Kaspersky advises private users to:
- Always
update your operating system to eliminate recent vulnerabilities and use a
robust security solution with updated databases
- Not
pay the ransom if you find your files have been encrypted with cryptomalware. This will only encourage
cybercriminals to continue and infect more people's devices. It is better
to find a decryptor on the internet - some are available for free here: https://noransom.kaspersky.com/
- Always
have fresh backup copies of your files, so you can replace them in case
they are lost (e.g. due to malware or a broken device) and store them not
only on the device but also in cloud storage for greater reliability.
Read the full version of the Kaspersky's IT
Threat Evolution Report Q2 2019 on
Securelist.com.