Kaspersky: 26% of ransomware attacks now target business

Nov 29, 2017

2017 will be remembered as the year the ransomware threat suddenly and spectacularly evolved, with advanced threat actors targeting businesses the world over in a series of destructive worm-powered attacks whose ultimate goal remains a mystery. These attacks included WannaCry on May 12, ExPetr on June 27, and BadRabbit in late October. They all used exploits designed to compromise corporate networks. Businesses were also targeted by other ransomware, and the company prevented ransomware infections on over 240,000 corporate users overall.
  • Overall, just under 950,000 unique users were attacked in 2017, compared to around 1.5 million in 2016. The difference between the two figures is largely a reflection of detection methodology (for example, the downloaders often associated with cryptomalware are now better detected by heuristic technologies, so they are not classified together with the ransomware-related verdicts collected by our telemetry).
  • The three major attacks, as well as other, less notorious families including AES-NI and Uiwix, used sophisticated exploits leaked online in spring 2017 by a group known as the Shadow Brokers.
  • There was a marked decline in new families of ransomware: 38 in 2017, down from 62 in 2016, with a corresponding increase in modifications to existing ransomware (over 96,000 new modifications detected in 2017, compared to 54,000 in 2016). The rise in modifications may reflect attempts by attackers to obfuscate their ransomware as security solutions get better at detecting it.
  • From the second quarter of 2017, a number of groups ended their ransomware activities and published the keys needed to decrypt files. These included AES-NI, xdata, Petya/Mischa/GoldenEye and Crysis. Crysis later reappeared – possibly raised from the dead by a different group.
  • The growing trend for infecting companies through remote desktop systems continued in 2017, when this approach became one of the main propagation methods for several widespread families, such as Crysis, Purgen/GlobeImposter and Cryakl.
  • 65 per cent of businesses that were hit by ransomware in 2017 said they lost access to a significant amount or even all of their data, and one in six of those who paid up never recovered their data. These numbers are largely consistent with 2016.

All Kaspersky Lab products protect users from ransomware. The company’s products also include a layer of technology, System Watcher, that can block and roll back malicious changes made on a device, such as the encryption of files or blocked access to the monitor. Further, a free anti-ransomware tool is available for all businesses, regardless of which brand of security software they use.