Ransomware Surges in 2016 First Half, Trend Micro Study Finds

The number of ransomware variants has escalated so far this year, Trend Micro's latest security report finds, but little data exists on how many victims have been hit.

ransomware variants

In the first half of 2016, attackers focused a great deal more on ransomware than in previous years, according to security firm Trend Micro's 2016 1H Security Roundup report.

The number of ransomware variants shot up to 79 in the first half of the year, versus 29 in all of 2015. Comparing the same time periods results in a stunning 445 percent year-over-year increase in ransomware variants, or "families," as Trend Micro terms them in the report.

In addition, exploit kit authors also have moved to support ransomware, either as a download or in a scheme known as ransomware-as-a-service (RaaS), Christopher Budd, global threat communications manager for Trend Micro, told eWEEK.

"All of the major exploit kits jumped on the ransomware bandwagon in 2016," he said. "The fact that we are seeing movement in the ransomware space, it is a big indicator that this is a big new thing."

Ransomware caused adjusted losses of $2.7 million on 1,308 cases reported in the first half of 2016, up from $1.6 million and 2,453 complaints in all of 2015, an FBI spokesperson told eWEEK. The average loss per incident also climbed to $2,000 in 2016 from about $650 in 2015.

The adjusted numbers are much smaller than the FBI's oft-cited $209 million figure for reported damages in the first half of 2016, which was skewed heavily by two complaints that cited very large damage numbers, an FBI spokesperson told eWEEK. The agency has been going through the reported incidents and adjusting the damage figures to more accurate estimates.

In addition to ransomware, an attack that focuses on compromising business email systems to reroute funds between companies and their clients has also become much more popular. Known as "business email compromise," (BEC) or "CEO email fraud," this type of attack has led to companies inadvertently paying hundreds of thousands of dollars to the wrong bank accounts.

While criminals typically focus on U.S. companies, firms in the United Kingdom, Hong Kong and Japan are often targeted, as well, according to Trend Micro, which identified more than 3,500 attacks on companies in those countries.

Both ransomware and BEC attacks dramatically affect companies' business operations, said Trend Micro's Budd. For that reason, the attacks should not just be the concern of the information-security team, but the chief financial officer, as well, he said.

"If you are the CFO for an organization or a company or an enterprise or a non-profit, you need to be worried about this threat because you, in your role, are directly affected," he said.

The Trend Micro report also noted a dramatic fall in the number of customers affected by the Angler exploit kit and the resurrection of the Neutrino exploit kit.

"Angler has just dropped off the map in the wake of law enforcement action, and Neutrino has come back following Angler disappearing," Budd said.

Robert Lemos

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...