The quantity and complexity of ransomware attacks is soaring. There has been a near six-fold increase in the number of users attacked recently, cyber-security specialist Kaspersky Lab has found. A recent presentation in Luxembourg explained how the firm is addressing this threat at source, as well as helping businesses take pro-active prevention measures.

“Organised criminals have realised the potential of ransomware, and thus the threat level is rising strongly,” explained Martijn Van Lom, General Manager Kaspersky Lab Benelux, speaking at a roundtable of local industry professionals at the Melia Hotel, Kirchberg on 30 June. In a recent survey, the firm found that 718,536 users were hit between April 2015 and March 2016; an increase by a factor of 5.5 compared to the same period in 2014-2015.

A nasty dilemma

He pointed out that this malware presents businesses and individuals with a tough choice. Cryptoware, the most alarming type of ransomware, encrypts the data on a victim’s PC or server, and then offers the decryption key in return for payment. “Generally the ransom is only a few hundred euros, making it a tempting prospect compared to the cost of restoring files from the backup.” he said. It’s a nasty dilemma, particularly as the victim knows that giving in to blackmail will encourage more attacks. Increasingly, blackmailers can ask for as much as €15,000, posing a major problem for those with poorly backed up critical data.

Kaspersky Lab cooperates closely with law enforcement agencies on cybercriminal threats. For example, they worked with the Dutch police and Europol to locate the perpetrators of the CoinVault ransomware attacks that affected users in more than 20 countries. Jornt van der Wiel, Security Researcher with Kaspersky Benelux told the seminar about the detective work his team conducted.

Tracking the threat

“We had been tracking the CoinVault threat for some time after it first appeared in May 2014,” he explained. The criminals had managed to infect thousands of computers across the world, and had successfully locked at least 10,500 machines running Windows, with bitcoins demanded from users to decrypt files. Kaspersky Lab worked to develop an online decryption application providing keys which were provided by the Dutch National High Tech Crime Unit. Victims could then decrypt locked data free of charge.

Pro-active solution favoured

With the quantity and sophistication of ransomware increasing, such reactive measures will not solve the problem. The best protection is up-to-date software tools that are installed in an optimal fashion. As well, organisations need to make sure their staff are aware of the risks from cyber crime. “When new staff are hired they are routinely shown details such as car parking and where to get a coffee, but rarely do they have an explanation of the organisation’s approach to security,” noted Mr Van Lom. Such a holistic approach is needed to fend of this particularly nasty malware innovation.