Ransomware continues to spread quickly and widely across the world, tightening its hold on the data and devices of both individuals and businesses.
Over the last year, ransomware has grown in sophistication and diversity. Kaspersky's Security Bulletin the evolution of ransomware, including key developments from the last 12 months, including the main trends and discoveries, as well as what measures are being taken to fight back against it.
A business is attacked by ransomware every 40 seconds
Attacks on businesses increased three-fold between January and the end of September, rising from an attack every two minutes to one every 40 seconds. For individuals, the rate of increase went from every 20 seconds to every 10 seconds. Overall, 23.9% of ransomware attacks are targeting corporates, up from 17% at the beginning of 2016.
.
A quarter of all users were attacked by CTB-Locker ransomware
Cerber and Locky arrived in the early spring; nasty, virulent strains of ransomware that are propagated widely through spam attachments and exploit kits. CryptXXX appeared a little later on, but established itself with the other two as a major player', targeting individuals and corporates. All three families continue to evolve alongside well-established incumbents such as CTB-Locker, CryptoWall and Shade.
.
42% of small and medium-sized businesses were hit by ransomware last year
According to Kaspersky Lab research, in 2016, one in five businesses worldwide suffered an IT security incident as a result of a ransomware attack. As a result, small and medium-sized businesses are increasingly struggling with ransomware attacks, with 42% of them being hit by ransomware in the last 12 months. Of those affected, 32% paid the ransom, but one in five never got their files back, even after paying.
.
The number of new ransomware modifications has increased by eleven-fold
62 new ransomware families appeared in 2016, bringing with them a vast increase in the number of new ransomware modifications: 32,091 in Q3 from 2,900 in Q1, an increase of 11-fold. Locky ransomware, a new addition last spring, has so far been spread across 114 countries.
.
One in five IT and education businesses was affected by ransomware
Social engineering and human error remain key factors in corporate vulnerability. One in five cases involving significant data loss came about through employee carelessness or lack of awareness. Some industry sectors, including education and IT/telecoms are harder hit than others, but the research shows that all industries are at risk; there's no such thing as a low-risk sector any more.
-
Ransomware attacks are rising — but quiet payouts could mean there's more than actually reportedNews Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.
-
Cleo attack victim list grows as Hertz confirms customer data stolen – and security experts say it won't be the lastNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
‘Phishing kits are a force multiplier': Cheap cyber crime kits can be bought on the dark web for less than $25 – and experts warn it’s lowering the barrier of entry for amateur hackersNews Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Healthcare systems are rife with exploits — and ransomware gangs have noticedNews Nearly nine-in-ten healthcare organizations have medical devices that are vulnerable to exploits, and ransomware groups are taking notice.
-
Alleged LockBit developer extradited to the USNews A Russian-Israeli man has been extradited to the US amid accusations of being a key LockBit ransomware developer.
-
February was the worst month on record for ransomware attacks – and one threat group had a field day
News February 2025 was the worst month on record for the number of ransomware attacks, according to new research from Bitdefender.
-
CISA issues warning over Medusa ransomware after 300 victims from critical sectors impactedNews The Medusa ransomware as a Service operation compromised twice as many organizations at the start of 2025 compared to 2024
-
Warning issued over prolific 'Ghost' ransomware groupNews The Ghost ransomware group is known to act fast and exploit vulnerabilities in public-facing appliances
