Russian-speaking criminal gangs are responsible for over 75% of crypto ransomware, new research announced at RSA Conference 2017 claims.
A total 47 of the 62 new crypto ransomware families discovered by Kaspersky Lab in 2016 can be tied to Russian-speaking groups or individuals. This conclusion is reportedly based on "observation of underground forums, command and control infrastructure, and other artefacts".
"It is hard to draw strong conclusions on why so many of the ransomware families out there have a Russian origin," wrote senior malware analyst Anton Ivanov in a SecureList blog, "but it is safe to say that this is because there are a lot of well-educated and skilled code writers in Russia and its neighboring countries."
Ivanov also cited the fact that Russia has a strong history of ransomware, linking the current epidemic to a wave of attacks from 2009 to 2011, which blocked access to browsers and operating systems in exchange for a fee. "The epidemic withered for a number of reasons," he said, "but it seems that experienced ransomware criminals haven't disappeared".
Other statistics revealed as part of the research include the fact that in Q3 2016, an individual was hit with a ransomware attack every ten seconds while a business was attacked every 40 seconds. Furthermore, one in five SMBs who ponied up the cash for the ransom still did not get their data decrypted.
The news comes at a time when fears of Russian hackers are at an all-time high. Debate still rages over whether or not Putin ordered state-sponsored hacks during the US election, and President Donald Trump's top national security advisor, Michael Flynn, resigned just this morning over leaks showing he had held discussions with the Russian ambassador over sanctions, before allegedly trying to cover the discussions up, though Flynn said he had accidentally misinformed the president over the nature of his talks.
-
Using WinRAR? Update now to avoid falling victim to this file path flawNews WinRAR users have been urged to update after a patch was issued for a serious vulnerability.
-
Amazon CEO Andy Jassy doubles down on the company's AI focusNews Amazon CEO Andy Jassy thinks companies need to "lean into" AI and embrace the technology despite concerns over job losses.
-
Swiss government data published following supply chain attack – here’s what we know about the culpritsNews Radix, a non-profit organization in the health promotion sector, supplies a number of federal offices, whose data has apparently been accessed.
-
Ransomware victims are getting better at haggling with hackersNews While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
RSAC in focus: Key takeaways for CISOsThe RSAC Conference 2025 spotlighted pivotal advancements in agentic AI, identity security, and collaborative defense strategies, shaping the evolving mandate for CISOs.
-
RSAC in focus: Quantum computing and securityExperts at RSAC 2025 emphasize the need for urgent action to secure data against future cryptographic risks posed by quantum computing
-
RSAC in focus: How AI is improving cybersecurityAI is revolutionizing cybersecurity by enhancing threat detection, automating defenses, and letting IT professionals tackle evolving digital challenges.
-
RSAC in focus: Collaboration in cybersecurityExperts at RSA Conference 2025 emphasised that collaboration across sectors and shared intelligence are pivotal to addressing the evolving challenges of cybersecurity.
-
RSAC in focus: Considerations and possibilities for the remainder of 2025As 2025 unfolds, RSAC explores the pivotal considerations and emerging possibilities shaping the cybersecurity landscape
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
