Cyber-thieves are adopting ransomware in “alarming” numbers, say security researchers. There are now more than 120 separate families of ransomware, said experts studying the malicious software. Other researchers have seen a 3,500% increase in the criminal use of net infrastructure that helps run ransomware campaigns. The rise is driven by the money thieves make with ransomware and the increase in kits that help them snare victims.
Ransomware samples seen by his company had risen by more than a quarter in the first three months of 2016, he added. Mr Samani blamed the rise on the appearance of freely available source code for ransomware and the debut of online services that let amateurs cash in.
Ransomware was easy to use and low risk, and offered a high reward, said Bart Parys, a security researcher who helps to maintain a list of the growing number of types of this kind of malware. “The return on investment is very high,” he said.
Mr Parys and his colleagues have now logged 124 separate variants of ransomware. Some virulent strains, such as Locky and Cryptolocker, were controlled by individual gangs, he said, but others were being used by people buying the service from an underground market.
“It’s safe to say that certain groups are behind several ransomware programs, but not all,” he said. “Especially now with Eda and HiddenTear copy and paste ransomware, there are many new, and often unexperienced, cybercriminals.”
A separate indicator of the growth of ransomware came from the amount of net infrastructure that gangs behind the malware had been seen using. The number of web domains used to host the information and payment systems had grown 35-fold, said Infoblox in its annual report, which monitors these chunks of the net’s infrastructure.
The gangs behind the most prevalent ransomware campaigns had got very good at hiding their malicious code, said Mr Weingarten. “Where we see the innovation is in the infection vector,” he said.
SentinelOne had seen gangs using both well-known techniques and novel technical tricks to catch out victims.
A lot of ransomware reached victims via spear-phishing campaigns or booby-trapped adverts, he said, but other gangs used specialised “crypters” and “packers” that made files look benign. Others relied on inserting malware into working memory so it never reached the parts of a computer on which most security software keeps an eye. “It’s been pretty insane with ransomware recently,” he said.