February 13, 2017

2016 Stat: 75% of ransomware comes from Russian-speaking criminal underground

The annual RSA conference will often overwhelm the average attendee. Between the great talks, the exhibition hall, the parties, and the city of San Francisco itself, there is a whole lot to take in.

It typically takes some time for the talks to really pick up and build up steam to drop a fact that makes you say…wow or damn. However, this year, it took me all of six hours from landing in the city from frigid Boston.

75% of ransomware comes from Russian-speaking criminal underground

While sitting in the RSAC 2017 Ransomware Summit, I was floored when I heard Anton Ivanov, a senior malware analyst at Kaspersky Lab, drop the following tidbit.

Out of the 62 crypto ransomware families discovered by the company’s researchers in the past year, 47 of them were developed by Russian-speaking cybercriminals — that’s a whopping 75%. What makes that figure even more staggering is that these ransomware families, according to Kaspersky Lab telemetry, attacked more than 1.4 million people around the globe in 2016.

Over the course of his talk, Anton delved into the research that the team conducted, breaking down the aspects of criminal involvement with ransomware (outside of the whole ransomware-being-a-crime thing).

  • Creation and updating of ransomware families.
  • Affiliate programs to distribute ransomware.
  • Participation in affiliate programs as a partner.

The structure of a professional ransomware group contains the malware writer, affiliate program owners, partners of the program, and the manager who connects them all into one invisible enterprise.

What really stood out to me on this was, if we know so much about this type of crime, why do we still see it? As Ivanov notes, it really comes down to the money and barriers to entry into this business. If you are interested in a more technical read on this, I suggest hopping over to Securelist, where this research was broken out more thoroughly.

If you think about it, this talk and topic were quite fitting to sit in on, given that this city once housed some bad dudes in an isolated prison in the Bay.

Protecting yourself against ransomware

  1. Back up your files religiously. You can do this to the cloud or to an external device. I do both, but remember: if you are logged in or the external drive is connected, ransomware can lock them as well.
  2. Install antivirus that monitors for ransomware. Kaspersky Total Security and Kaspersky Internet Security both employ System Watcher, which monitors for the kind of suspicious activity that is often associated with a ransomware attack.
  3. Don’t open attachments from unknown senders. Be selective about who you trust in terms of opening documents and clicking links that came via e-mail.

If you are infected with ransomware and have not backed up your files, please do not pay the ransom. Instead visit No More Ransom, our collaborative project with law enforcement agencies and even some competitors to help eradicate ransomware.