December 14, 2016
Attacks using the two of the most prolific forms of ransomware spiked in November as one continues to be amongst the top global threats.
Locky ransomware made up 6% of all malware attacks during November.
Cyberattacks using the most common forms of ransomware spiked during November, continuing the ongoing trend for growth in the use of the file encrypting malicious software by cyber criminals.
Ransomware has exploded in 2016 and is increasingly targeting business networks instead of individual users. The total cost of damages related to these attacks is set to top $1 billion this year.
According to the monthly global threat index by cybersecurity researchers Check Point, the number of attacks using the Locky and Cryptowall variants of ransomware rose by 10 percent in November when compared with the previous month.
Locky also continues to feature as one of the world's most prevalent forms malware, ranking as the second most common threat in Check Point's index, accounting for six percent of all known attacks.
Ultimately, Locky - and other forms of ransomware - are successful for one reason; because the attacks are easy to carry out and victims are willing to pay to get their data back.
"Organizations are struggling to effectively counteract the threat posed by this insidious attack form; many simply don't have the right defences in place, and may not have educated staff on how to recognise the signs of a potential ransomware attack in incoming emails. This, of course, only makes it even more attractive to criminals," says Nathan Shuchami, Head of Threat Prevention at Check Point.
Ransomware doesn't show any signs of slowing down, and it's likely to only become a bigger problem in 2017.
But with under a year since it first appeared, Locky ransomware is very much a newcomer to the malware scene, especially compared with the most common form of malware during November. That accolade goes to the Conficker worm, which despite being over eight years old, still accounted for 15 percent of all known attacks during the 30 day period.
Sality, a virus which allows remote operations and downloads of additional malware to infected systems in order to deliver furthers malicious payloads to others, was the third most common threat during November, accounting for five percent of all attacks.
While ransomware runs riot, it was the Ramnit banking Trojan which saw the largest increase in attacks during November, entering Check Point's top ten for the first time in sixth spot. The number of Ramnit infections has more than doubled since October, with those behind the malware using it to steal banking credentials, passwords and other data from victims.
The Global Threat Index also details the most significant malware threats to businesses via mobile devices, with the HummingBad Android malware remaining the most common form of cyberattacks against mobile devices.
Remaining second to HummingBad was Triada, a backdoor for Android which grants super-user privileges to downloaded malware and spoofs URLs. Triada was followed by Ztorg, a Trojan which downloads and installs applications on the phone without the user's knowledge.