'Alarming' Rise In Ransomware Tracked

An anonymous reader quotes a report from BBC: Cyber-thieves are adopting ransomware in "alarming" numbers, say security researchers. There are now more than 120 separate families of ransomware, said experts studying the malicious software. Other researchers have seen a 3,500% increase in the criminal use of net infrastructure that helps run ransomware campaigns. The rise is driven by the money thieves make with ransomware and the increase in kits that help them snare victims. Ransomware was easy to use, low risk and offered a high reward, said Bart Parys, a security researcher who helps to maintain a list of the growing numbers of types of this kind of malware. Mr Parys and his colleagues have now logged 124 separate variants of ransomware. Some virulent strains, such as Locky and Cryptolocker, were controlled by individual gangs, he said, but others were being used by people buying the service from an underground market. A separate indicator of the growth of ransomware came from the amount of net infrastructure that gangs behind the malware had been seen using. The numbers of web domains used to host the information and payment systems had grown 35-fold, said Infoblox in its annual report which monitors these chunks of the net's infrastructure. A lot of ransomware reached victims via spear-phishing campaigns or booby-trapped adverts, he said, but other gangs used specialized "crypters" and "packers" that made files look benign. Others relied on inserting malware into working memory so it never reached the parts of a computer on which most security software keeps an eye. Ars Technica reports that drive-by attacks that install the TeslaCrypt crypto ransomware are now able to bypass Microsoft's EMET.

Being alarmed is good

[Hentes]

Once you're hacked the bad guys can do a lot of nasty things to you and your data, shaking you for a few bitcoins if you don't have backups is pretty much the cheapest way you can find out about having a security hole. Data theft, APTs or even remote sabotage by a state agent can cause a lot more harm than ransomware, often without you even noticing. The spread of ransomware is actually very good for security, because it brings hidden vulnerabilities to light and associates an exact cost to them rather than for example the nebulous cost of losing sensitive data of costumers. Thus, ransomware alerts companies to vulnerabilities and bad backup practices, provides a financial incentive to fix those problems, all the while causing much less harm than the lack of those fixes would. Ransomware is doing more for security than a thousand conferences could.