{"id":5504,"date":"2016-06-22T06:44:48","date_gmt":"2016-06-22T10:44:48","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/?p=5504"},"modified":"2019-11-15T15:24:09","modified_gmt":"2019-11-15T11:24:09","slug":"ransomware-blocker-to-cryptor","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/ransomware-blocker-to-cryptor\/5504\/","title":{"rendered":"Ransomware&#8217;s history and evolution in facts and figures"},"content":{"rendered":"<p>Ransomware has hit the news in a big way lately. Is this malware just another hot-button topic that everybody will forget about as soon as a new big threat emerges? Unfortunately, that\u2019s unlikely: Ransomware infections are reaching pandemic rates, and this type of malware is not going to vanish any time soon. We are not trying to scare you \u2014 well, we are, but not for kicks. Have a look at the statistics gathered by\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/kaspersky-security-network-explained\/8657\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Kaspersky Security Network<\/a>\u00a0and you\u2019ll see \u2014 we are facing a really dangerous threat.<\/p>\n<h3>The first wave: blockers<\/h3>\n<p>Ransomware\u2019s history can be divided into two parts: before encryption and after it. Blockers were the ancestors of modern cryptors. This malware blocked access to a user\u2019s operating system or browser until the victim paid a moderate ransom. Paying typically required sending an SMS to a short code (an alternative to a telephone number, often used for charity giving) or transferring money to an e-wallet.<\/p>\n<p>This malware used to be rather profitable \u2014 and criminals used it widely. Naturally, security experts and law enforcement agencies tackled the problem quickly.<\/p>\n<p>They found an elegant solution and struck at the cybercriminals\u2019 business from the side of payment systems. When the regulatory rules of electronic payments changed, cybercrime became simultaneously less profitable and more risky\u2019 and many culprits got busted.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/Tip?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Tip<\/a> of the week: Fighting screen lockers with <a href=\"https:\/\/twitter.com\/kaspersky?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@kaspersky<\/a> products <a href=\"https:\/\/t.co\/SAS4x4ve9o\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/SAS4x4ve9o<\/a> <a href=\"https:\/\/t.co\/11SGH4e8nR\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/11SGH4e8nR<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/738735944132636673?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">June 3, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<h3>Second wave: cryptors<\/h3>\n<p>A couple of years ago, everything changed. Bitcoin became widespread and rather popular among cybercriminals. The cryptocurrency is simultaneously a digital asset and a payment system that is impossible to trace or regulate. Of course, criminals loved it. In addition, they switched to a new approach: Instead of blocking access to browsers and operating systems, they began encrypting files stored on victims\u2019 hard drives.<\/p>\n<p>Why is the encryption approach so efficient? Private files are unique, so users cannot replace them by reinstalling an operating system. If the cryptor uses strong encryption, people become unable to restore (in other words, to decrypt) their files. This has empowered criminals to demand huge ransoms: several hundred dollars from consumers and thousands from companies and corporations.<\/p>\n<p>For a time, that young generation of encryptors was less widespread than the older blockers. But it didn\u2019t take criminals long to switch to the new malware. By the end of 2015 the number of ransomware attacks was increasing like an avalanche.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5506\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2016\/06\/05103228\/01.png\" alt=\"01\" width=\"2199\" height=\"969\"><\/p>\n<p>According to our analysis, based on Kaspersky Security Network statistics, in one year\u00a0<b>the number of attacks increased more than fivefold<\/b>: from 131,111 attempts to infect our users in 2014\u20132015 to 718,536 in 2015\u20132016.<\/p>\n<h3>Global distribution of attacks and the most active ransomware families<\/h3>\n<p>The top 10 countries for ransomware are India, Russia, Kazakhstan, Italy, Germany, Vietnam, Algeria, Brazil, Ukraine, and the United States. However, the ransomware that people face in India, Algeria, Russia, Vietnam, Kazakhstan, Ukraine, and Brazil is mostly old and relatively mild versions of blockers. In the US, however, 40% of ransomware victims are attacked by dangerous cryptors. In Italy and Germany, the situation is even worse: in these countries the word \u2018ransomware\u2019 became synonymous to the word \u2018cryptor\u2019.<\/p>\n<p>In 2015\u20132016, four racketeering Trojans were the most active:\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/teslacrypt-strikes-again\/10860\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">TeslaCrypt<\/a>\u00a0(almost half of all attacks, but fortunately,\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/raknidecryptor-vs-teslacrypt\/12169\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">we have a decryptor for it<\/a>),\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/ctb-locker-strikes-web-servers\/11593\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">CTB-Locker<\/a>, Scatter, and\u00a0<a href=\"https:\/\/securelist.com\/analysis\/kaspersky-security-bulletin\/73038\/kaspersky-security-bulletin-2015-overall-statistics-for-2015\/\" target=\"_blank\" rel=\"noopener noreferrer\">Cryakl<\/a>\u00a0(we also\u00a0<a href=\"https:\/\/noransom.kaspersky.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">decrypt Cryakl<\/a>).\u00a0<b>Those four families share almost 80% of the \u201cmarket\u201d<\/b>.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5507\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2016\/06\/05103226\/04-1.png\" alt=\"04-1\" width=\"1028\" height=\"815\"><\/p>\n<p>Another noteworthy fact: Initially, ransomware targeted mostly home users. After the \u201cupgrade\u201d to encryption, it started going after companies as well:\u00a0<b>The share of corporate users attacked with ransomware more than doubled from 2014\u20132015 to 2015\u20132016, from 6.8% to 13.13%<\/b>.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5508\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2016\/06\/05113007\/07-2.png\" alt=\"07-2\" width=\"1602\" height=\"687\"><\/p>\n<p>You can\u00a0<a href=\"https:\/\/securelist.com\/analysis\/publications\/75145\/pc-ransomware-in-2014-2016\/\" target=\"_blank\" rel=\"noopener noreferrer\">read further<\/a>\u00a0about the evolution of ransomware from 2014 to 2016 on securelist.com.<\/p>\n<h3>How to stay protected<\/h3>\n<p>1. Make backups regularly.<\/p>\n<p>2. Use reliable security solutions. For example,\u00a0<a href=\"http:\/\/kas.pr\/8FWS\" target=\"_blank\" rel=\"noopener noreferrer\">Kaspersky Internet Security<\/a>, as well as all of our other\u00a0<a href=\"https:\/\/kas.pr\/o1sT\" target=\"_blank\" rel=\"noopener noreferrer\">flagship solutions<\/a>, detects and blocks all known ransomware families. It also has a built-in\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/ransomware-protection-video\/8765\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">module<\/a>\u00a0that can protect you from the latest and yet-unknown cryptors.<\/p>\n<p>3. Update your software on a regular basis: Patches fix software vulnerabilities, and the fewer bugs you have, the harder it becomes to infect your system.<\/p>\n<p>4. Keep up with cybersecurity news here on Kaspersky Daily and on\u00a0<a href=\"https:\/\/threatpost.com\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">threatpost.com<\/a>\u00a0\u2014 alert today is alive tomorrow. Be sure to tell your friends, relatives, and colleagues about the latest threats.<\/p>\n<p>5. If you\u2019ve already fallen victim to ransomware, don\u2019t pay any ransom without giving other options a try. If you\u2019ve come across a blocker, use our free\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/kaspersky-windowsunlocker-2\/12275\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">WindowsUnlocker<\/a>\u00a0tool. If you are fighting against a cryptor, check\u00a0<a href=\"http:\/\/noransom.kaspersky.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">NoRansom.kaspersky.com<\/a>\u00a0to see if there is a cure for that as well.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ransomware has hit the news in a big way lately. Is this malware just another hot-button topic that everybody will forget about as soon as a new big threat emerges?<\/p>\n","protected":false},"author":421,"featured_media":5505,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,1486],"tags":[457,1201,1202,36,1203,433,521,692],"class_list":{"0":"post-5504","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-blockers","10":"tag-cryptors","11":"tag-kaspersky-windows-unlocker","12":"tag-malware-2","13":"tag-noransom","14":"tag-ransomware","15":"tag-threats","16":"tag-trojans"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/ransomware-blocker-to-cryptor\/5504\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/ransomware-blocker-to-cryptor\/7327\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/ransomware-blocker-to-cryptor\/7353\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/ransomware-blocker-to-cryptor\/7295\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/ransomware-blocker-to-cryptor\/8526\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/ransomware-blocker-to-cryptor\/8444\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/ransomware-blocker-to-cryptor\/12301\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/ransomware-blocker-to-cryptor\/2221\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/ransomware-blocker-to-cryptor\/12435\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/ransomware-blocker-to-cryptor\/5777\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/ransomware-blocker-to-cryptor\/6438\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/ransomware-blocker-to-cryptor\/8031\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/ransomware-blocker-to-cryptor\/11817\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/ransomware-blocker-to-cryptor\/12301\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/ransomware-blocker-to-cryptor\/12435\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/ransomware-blocker-to-cryptor\/12435\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/blockers\/","name":"blockers"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5504","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/421"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=5504"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5504\/revisions"}],"predecessor-version":[{"id":14862,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5504\/revisions\/14862"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/5505"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=5504"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=5504"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=5504"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}