Ransomware attacks on business users slightly on the rise

More than one quarter of ransomware attacks – 26 percent - in 2017 have been aimed at business users, according to a new report from security company Kaspersky Lab.

That compares with 23 percent in 2016, and the rise is due in part to three unprecedented ransomware attacks targeting corporate networks “that forever changed the landscape of this increasingly virulent threat,” the report said.

The year will be remembered as a time when the ransomware threat suddenly evolved with advanced threat actors going after businesses worldwide, using a series of destructive worm-powered attacks whose ultimate goal remains a mystery, the study said.

security ransomware.jpg
Cables lead from the back of a switch unit in the server hall of the data storage center at the headquarters of Rostelecom PJSC, the state telecommunications operator, in Moscow, Russia, on Tuesday, Dec. 29, 2015. Netflix Inc. signed agreement with Rostelecom to use its TV service starting in 2016. Photographer: Andrey Rudakov/Bloomberg

The major attacks included WannaCry, ExPetr, and BadRabbit, which all used exploits designed to compromise corporate networks.

“The headline attacks of 2017 are an extreme example of the growing criminal interest in corporate targets,” said Fedor Sinitsyn, senior malware analyst, Kaspersky Lab. “We spotted this trend in 2016, it has accelerated throughout 2017 and shows no signs of slowing down.”

Overall, just under 950,000 unique users were attacked in 2017, compared with about 1.5 million in 2016. There was a decline in new families of ransomware (38 in 2017, down from 62 in 2016), with a corresponding increase in modifications to existing ransomware (more than 96,000 new modifications detected in 2017 compared with 54,000 in 2016).

The rise in modifications might reflect attempts by attackers to obfuscate their ransomware as security solutions get better at detecting them, the report said.

For reprint and licensing requests for this article, click here.