Ransomware Roundup: February 2017

Our newest segment brings you the latest in ransomware statistics and attacks from the wild.

Recent Ransomware Statistics and News:

• New research from Check Point revealed that the Locky, Cryptowall, and Cerber ransomware strains accounted for 90% of all attacks in the second half of 2016. Check Point researchers point out that ransomware attacks proliferate fast “simply because they work and generate significant revenues for attackers.”
• In its 2017 Annual Threat Report, network security firm SonicWall said there were 638 million instances of ransomware in 2016 alone, with the Locky strain leading the pack in popularity. This number represents what SonicWall called a “meteoric” increase from 2015’s 3.8 million ransomware attacks.
• A report by security firm ESET found that ransomware targeting Android devices grew more than 50% in 2016, with lock-screen “police ransomware” remaining the most lucrative and common type of attack.
• A new study from the Ponemon Institute titled The Rise of Ransomware revealed that 48% of businesses hit by ransomware have paid the ransom (despite being urged not to do so by cybersecurity experts and the FBI). The results of the report are based on responses from 618 professionals, consisting of mostly IT contractors, managers, and business owners who report directly to a CISO. Nearly 60% of these respondents also said that negligent end users put their organizations at risk for a ransomware attack.

Visit our Ransomware Resource Center for free, end-user-focused security awareness materials

Recent Ransomware Attacks:

• A new crypto-ransomware campaign for macOS distributed via BitTorrent sites called “Patcher” has appeared. While not highly sophisticated, it’s effective enough to prevent victims from accessing their files, and could cause serious damage.
• Users of Google Chrome should be on high alert for a new ransomware attack that leads them to believe their browser is missing a vital component, its font. Victims who try to install the font are hit with a “dropper” that delivers the highly-sophisticated Spora ransomware.
• Bingham County, Idaho, was hit with a large-scale ransomware attack that took down servers on February 15, impacting the county’s website, emergency 9-1-1 calls, and dispatch center. Attackers demanded a $25,000 payment, but the county did not pay the ransom; they instead rebuilt their computer infrastructure to prevent future attacks.
• The Roxana, Illinois, police department is recovering from a ransomware attack that left their computers out of commission for four days, worrying residents. The police did not pay the ransom and the FBI is now investigating the incident.
• The third largest county in Ohio was affected by a ransomware attack that completely shutting down computers in Licking County government offices and its police department. Despite the ability to avoid these types of attacks with good backup practices, they are becoming more common as the public sector continues to be a hot target.
• Storage devices containing data from police surveillance cameras out of Washington, D.C., were compromised with two different forms of ransomware, prompting a citywide sweep of the network. The police department did not pay a ransom, and instead took the affected cameras offline to remove the software.
• A ransomware attack on a luxury hotel in Austria was locked out of its computers for 24 hours, leaving workers unable to issue new key cards to guests and taking the reservation system offline. The hotel paid the ransom (in Bitcoins) and plans to revert back to “old, normal keys.”
• Police in Cockrell Hill, Texas, lost eight years of digital evidence due to a ransomware attack that was “introduced onto the network from a spam email that had come from a cloned email address imitating a department-issued email address.” Microsoft Office and video files dating back to 2009 were reportedly lost when the department decided to wipe the server instead of paying the $4,000 ransom. The department stated that it does still have hard copies of all documents and backups of videos and photos on CDs and DVDs.
• Computers at all 17 branches of the St. Louis Public Library were impacted due to a ransomware attack that carried a payment demand of $35,000. Managers did not pay the ransom; IT staff wiped affected servers and restored them from backups. Library staff members are working with the FBI to determine the origin of the infection.