Currently TeslaCrypt, Locky and CryptoWall are Top 3 Ransomware Threats

Fortinet gathered the data by using its Intrusion Prevention System (IPS) system. The company logged traffic from infected systems to IPs, which belongs to ransomware C&C servers. Fortinet collected information doesn't mention the total infected victim's number, however it shows in quantitative form, the total traffic exchanged between infected systems and its server.

As discovered by Fortinet, between 17th February, when the ransomware known as Locky was initially spotted, and till 2nd March, exactly after two weeks, it was found that the CryptoWall family has the most active ransomware campaign, which constituted 83.45% of all connections.

Rodel Mendrez, Trustwave security researcher, revealed that we are right now seeing extraordinary (sic) enormous attachments volume of JavaScript being spammed out, which if clicked by users, cause downloading of a ransomware. Our database of spam research saw approximately four million malware spams during the past seven days, and the malware class in total constituted 18% of total spam landing at our spam traps.

Ibtimes.com posted on March 10th, 2016, quoting Trustwave experts as saying that in the last 30 days, we have witnessed concentrated bursts of ransomware activity and during one point 2 Lacs emails hit our servers in one hour.

FBI cautioned that ransomware has developed into one of the greatest threats to businesses and consumers. Even though some writers of ransomware committed errors in their code initially, there is typically no way of recovering the files without decryption key. The ransom amount is normally few hundred dollars and all instructions about the process of payment in bitcoin are given to victims. Generally, security experts recommend to keep a backup files to recover from a ransomware attack and ensure that malware can't reach the backup files.

Locky replaced Dridex banking Trojan due to which there has been this dramatic rise and it is now being spreading through a well-oiled spam operation which has been active for two years and it is run by professional operators of malware. Fortinet claims that maximum victims of all the three ransomware families are found in the US, but many victims can also be found in Canada, Mexico and Japan.

» SPAMfighter News - 3/18/2016