As ransomware campaigns continue to become an increasingly lucrative business for cybercriminals on the Dark Web, the alarming torrent of crypto-ransomware attacks is showing no signs of slowing down. The number of users hit by crypto-ransomware, which encrypts a victim's data and demands payment in exchange for a decryption key, has jumped by more than five times compared to figures from 2014-2015, according to a report from cybersecurity firm Kaspersky Lab.
Analysing global users of its products with the Kaspersky Security Network feature enabled, the firm compared two 12-month periods - April 2014-2015 and April 2015-March 2016 - to research the scale and evolution of ransomware attacks over the past two years. The company's analysis included both crypto-ransomware and classic screen-blocker ransomware attack statistics.
According to the firm's ransomware research report, 718,536 people were hit by encryption ransomware attacks between April 2015 and March 2016 - an increase of 5.5 times compared to the same period in 2014-2015. The total number of users hit by any type of ransomware jumped by 17.7%, from 1.97 million users between April 2014 to March 2015 to over 2.3 million users around the world between April 2015 to March 2016, researchers said.
"It's no secret that crypto-ransomware, which encrypts data on users' systems has become a huge problem for cybersecurity over the last few years," Kaspersky Lab said. "It has become so widespread that it could easily be called an epidemic."
"The irreversible consequences of this kind of malware infection, along with the high value data that is being encrypted by ransomware tempts victims to pay for decryption, which in turn draws more cybercriminals into the business."
The number of users attacked by screen blockers, however, dropped by 13% from over 1.8 million users in 2014-2015 to almost 1.6 million users in 2015-2016. However, the share of users hit by crypto-ransomware as a proportion of those attacked by ransomware soared from 6.6% in 2014-2015 to 31.6% in 2015-2016.
"The biggest problem with crypto-ransomware today is that sometimes the only way to get the encrypted data back is to pay the criminals, and victims tend to pay," Fedor Sinitsyn, a senior malware analyst at Kaspersky Lab, said in a statement. "That brings a lot of money into the underground ecosystem that has grown up around this malware, and as a result we are seeing new cryptors appear almost daily."
The report also found that Germany, Italy and the US had the highest percentage of users attacked with encryption ransomware.
According to figures from a surge in ransomware attacks in March, more than half of ransomware attacks involved the use of crypto malware "due to the activity of a small number of ransomware groups led, among others, by the infamous encryption ransomware."
Researchers also found that the number of enterprise users attacked by crypto-ransomware has been increasing as well, accounting for about 7% of all ransomware victims in 2014-2015, which Kaspersky says is a strategic move from a cyber thief's point of view.
A recent report from Flashpoint found that ransomware hackers are increasingly looking to target hospitals and the healthcare industry as opposed to individual victims since they are more likely to cough up tens of thousands of dollars in ransom payments.
In February, the Hollywood Presbyterian Medical Centre paid around $17,000 to hackers who infected their systems. More recently, the University of Calgary in Canada was forced to pay a whopping $20,000 after it was hit with a massive ransomware attack that took down the institution's IT systems. Other recent extortion attacks against the healthcare industry this year included MedStar Health, the Desert Valley Hospital and the Chino Valley Medical Centre.
"Companies and regular users can protect themselves by implementing regular backups, using a proven security solution and keeping themselves informed about current cybersecurity risks," Sinitsyn said. "The ransomware business model seems to be profitable and safe for criminals, and the security industry and users can change that just by implementing these basic measures."