Is ransomware in decline or just evolving?
According to a new report from the Microsoft Malware Protection Center, the volume of ransomware being encountered is reducing.
Data from Windows Defender Antivirus shows that after peaking in August, when 385,000 encounters were registered, ransomware encounters dropped almost 50 percent in September, and have continued to decline. But this doesn't mean we’re seeing the end of the menace.
The attack vectors being used, the number of new ransomware families being released and the sophistication of the code suggests it isn't going away any time soon.
Microsoft's monitoring of ransomware over the last year reveals that every quarter, more than 500 million emails sent by spam campaigns carry ransomware downloaders that attempt to install the malware on computers.
These ransomware downloaders found their way into 13.4 million computers in 2016. Also 4.5 million computers were exposed to the Meadgive and Neutrino exploit kits, whose primary payload is ransomware. In total, the ransomware payload of these spam and exploit kit campaigns were observed in 3.9 million computers in 2016.
Ransomware has been improving in various ways. The Samas campaign has been specifically targeting server vulnerabilities, while Zcryptor was given worm-like capability, allowing it to move between endpoints once one machine is successfully infected.
Tactics have been improving too, with improved social engineering methods to pressure victims into paying up, and alternative payment and contact methods.
The threat is also a truly global one, with more than 200 territories affected. In the US alone, ransomware was encountered in more than 460,000 computers or 15 percent of global encounters. Italy and Russia follow with 252,000 and 192,000 ransomware encounters, respectively. Korea, Spain, Germany, Australia, and France all registered more than 100,000 encounters.
You can read more about the emerging ransomware trends on the TechNet blog.