This week’s McAfee Labs Threats Report: December 2016 provides an overview of how ransomware has evolved over the course of 2016, and how the industry has responded.
Through the end of Q3, the number of new ransomware samples this year totaled 3,860,603, an increase of 80% since the beginning of the year. Beyond volume, ransomware exhibited notable technical advances in 2016, including partial or full disk encryption, encryption of websites used by legitimate applications, anti-sandboxing, more sophisticated exploit kits for ransomware delivery, and more ransomware-as-a-service developments.
In March we saw the appearance of partial disk encryption instead of file encryption. This type of ransomware encrypts the master file table, making files inaccessible. Ransomware authors have enabled their malware to detect and evade common sandboxing, the most common method used to thwart ransomware. There was also a significant shift by ransomware attackers from consumer to business targets, as a few successful campaigns have encouraged more attacks.
But 2016 also saw positive developments in the areas of industry collaboration and successful public-private partnerships. This summer, a group of security vendors and law enforcement organizations, led by Europol and including McAfee, announced the “No More Ransom!” collaboration to fight ransomware. This effort provides consumers with prevention advice, investigation assistance, and decryption tools to address the ransomware threat. No More Ransom! has allowed ransomware victims to avoid paying an estimated US$1.48 million (€1.35 million) in ransom payments to cybercriminals. The No More Ransom! portal has received more than 24.5 million visitors since its launch, a consolidated average of 400,000 visitors per day.
Furthermore, law enforcement and security vendors collaborated by sharing threat intelligence, research, and recovery efforts. The year saw several takedowns of ransomware systems, including the Shade takedown in July and the WildFire takedown in September.
“Last year we predicted that the incredible growth in ransomware attacks in 2015 would continue into 2016. The year 2016 may indeed be remembered as ‘the year of ransomware,’ with both a huge jump in the number of ransomware attacks, a number of high-profile attacks that generated wide media interest, and significant technical advances in this type of attack. On the other side of the ransomware attacks, greater cooperation between the security industry and law enforcement, and constructive collaboration between industry rivals truly has begun to deliver results in taking the fight to the criminals. As a result, we expect the growth of ransomware attacks to slow in 2017.”
—Vincent Weafer, Vice President, McAfee Labs, McAfee