McAfee: Ransomware Malware on the Rise

McAfee's threat report for the second quarter spotlights increases in ransomware, AutoRun worms and password-stealing malware.

The number of new ransomware samples jumped roughly 50 percent between the first and second quarters of 2012, according to a new report from McAfee.

Ransomware restricts access to infected computer systems so that attackers can extort payments in exchange for restoring access. According to McAfee, the number of new ransomware threats increased to more than 120,000 during the second quarter, a significant jump from the first quarter.

Just recently, the FBI issued another warning about a scheme that used ransomware known as Reveton along with the Citadel platform to infect users. Once the victim's computer was infected with Reveton, they would receive a demand posing as a message from authorities that claimed the infected computer had been locked due to a link to child pornography. The attackers would then demand payment.

The rip-off is nothing new, McAfee noted.

"Ransomware has increased during the last several quarters," the company noted. "This quarter we saw ransomware at its busiest ever. Ransomware is particularly problematic because the damage is instant and commonly a machine is rendered completely unusable. So not only is the victim's data destroyed, but some of the victim's money is also gone if he or she attempts to pay the attacker's ransom. And although it is a personal disaster for a home user to lose years' worth of data, pictures and memories, the situation can be much worse in an enterprise if the malware encrypts all the data that a victim has write-access to on a corporate network."

Ransomware was not the only type of malware to increase during the quarter. Overall, the firm detected an increase of 1.5 million in malware since the first quarter of the year. Thumb drive and password-stealing malware grew significantly. With nearly 1.2 million new samples of AutoRun worms detected, AutoRun malware posed a challenge during the quarter. In addition, 1.6 million new samples of password-stealing malware were detected.

Rootkits rose slightly in the quarter, with Koutodor showing tremendous growth. Meanwhile, detections of the ZeroAccess and TDSS rootkits declined somewhat compared to the first quarter.

With regard to malicious sites, McAfee Labs recorded an average of 2.7 million new bad URLs per month. In June, these new URLs were related to about 300,000 bad domains, a figure that is equivalent to about 10,000 new malicious domains every day, the company said. Of these malicious URLs, 94.2 percent were seen hosting malware, exploits or code designed to hijack computers.

"Over the last quarter we have seen prime examples of malware that impacted consumers, businesses and critical infrastructure facilities," Vincent Weafer, senior vice president of McAfee Labs, said in a statement. "Attacks that we've traditionally seen on PCs are now making their way to other devices. For example, in Q2 we saw Flashback, which targeted Macintosh devices and techniques such as ransomware and drive-by downloads targeting mobile. This report highlights the need for protection on all devices that may be used to access the Internet."

At its height, the Flashback malware infected more than 600,000 Macs worldwide.