Russian-speaking criminal gangs are responsible for over 75% of crypto ransomware, new research announced at RSA Conference 2017 claims.
A total 47 of the 62 new crypto ransomware families discovered by Kaspersky Lab in 2016 can be tied to Russian-speaking groups or individuals. This conclusion is reportedly based on "observation of underground forums, command and control infrastructure, and other artefacts".
"It is hard to draw strong conclusions on why so many of the ransomware families out there have a Russian origin," wrote senior malware analyst Anton Ivanov in a SecureList blog, "but it is safe to say that this is because there are a lot of well-educated and skilled code writers in Russia and its neighboring countries."
Ivanov also cited the fact that Russia has a strong history of ransomware, linking the current epidemic to a wave of attacks from 2009 to 2011, which blocked access to browsers and operating systems in exchange for a fee. "The epidemic withered for a number of reasons," he said, "but it seems that experienced ransomware criminals haven't disappeared".
Other statistics revealed as part of the research include the fact that in Q3 2016, an individual was hit with a ransomware attack every ten seconds while a business was attacked every 40 seconds. Furthermore, one in five SMBs who ponied up the cash for the ransom still did not get their data decrypted.
The news comes at a time when fears of Russian hackers are at an all-time high. Debate still rages over whether or not Putin ordered state-sponsored hacks during the US election, and President Donald Trump's top national security advisor, Michael Flynn, resigned just this morning over leaks showing he had held discussions with the Russian ambassador over sanctions, before allegedly trying to cover the discussions up, though Flynn said he had accidentally misinformed the president over the nature of his talks.
-
UK to host largest European GPU cluster under £11 billion Nvidia investment plansNews Nvidia says the UK will host Europe’s largest GPU cluster, totaling 120,000 Blackwell GPUs by the end of 2026, in a major boost for the country’s sovereign compute capacity.
-
Jensen Huang says AI will make us busier – so what’s the point?Opinion So much for efficiency gains and focusing on the more “rewarding” aspects of your job
-
Prolific ransomware operator added to Europe’s Most Wanted list as US dangles $10 million rewardNews The US Department of Justice is offering a reward of up to $10 million for information leading to the arrest of Volodymyr Viktorovych Tymoshchuk, an alleged ransomware criminal.
-
Jaguar Land Rover “did the right thing” shutting down systems to thwart cyber attackNews The attack on Jaguar Land Rover highlights the growing attractiveness of the automotive sector
-
Ransomware attack on IT supplier disrupts hundreds of Swedish municipalitiesNews The attack on IT systems supplier Miljödata has impacted public sector services across the country
-
A notorious hacker group is ramping up cloud-based ransomware attacksNews The Storm-0501 threat group is refining its tactics, according to Microsoft, shifting away from traditional endpoint-based attacks and toward cloud-based ransomware.
-
Security researchers have just identified what could be the first ‘AI-powered’ ransomware strain – and it uses OpenAI’s gpt-oss-20b modelNews Using OpenAI's gpt-oss:20b model, ‘PromptLock’ generates malicious Lua scripts via the Ollama API.
-
Data I/O shuts down systems in wake of ransomware attack
News Regulatory filings by Data I/O suggest the costs of dealing with the attack could be significant
-
Average ransom payment doubles in a single quarterNews Targeted social engineering and data exfiltration have become the biggest tactics as three major ransomware groups dominate
-
BlackSuit ransomware gang taken down in latest law enforcement sting – but members have already formed a new groupNews The notorious gang has seen its servers taken down and bitcoin seized, but may have morphed into a new group called Chaos
