Skip to main content

Ransomware threat is only getting more dangerous and costly, Symantec report says

A hand on a laptop in a dark surrounding.
Image used with permission by copyright holder
Ransomware is increasing dramatically in price and malice, according to the latest report on the nasty malware from Symantec.

Ransomware encrypts your files and demands a fee, usually a few hundred dollars, for their safe return. Cybercriminals are using the tactic against individuals and businesses alike. Cases of the virus have ballooned since last year and, according to Symantec’s Ransomware and Businesses 2016 report, the troubling trend is showing no signs of slowing down.

It found that the average ransomware demand has soared from $294 in late 2015 to $679 currently. Infections are a global phenomenon but the U.S. accounts for 31 percent of cases. The rest of the top 10 is made up of Italy, Japan, the Netherlands, Germany, U.K., Canada, Belgium, India, and Australia.

More and varied strains of ransomware, like the CryptXXX ransomware, whose latest version is even tougher to crack, are being written and unleashed online.

Initial ransomware threats targeted individuals (who still account for more than half of all infections), but Symantec speculated that the trend is shifting more and more toward businesses and organizations that can afford to pay more. The services and manufacturing industries have been hit the most.

There have been several high-profile cases of businesses paying thousands of dollars in ransomware demands. In one case, the University of Calgary paid $20,000 to get its files back. This has led to the creation of a viable business model for cybercriminals to exploit. As long as people are willing to pay, they’ll get infected. It’s been dubbed “ransomware as a service.”

“The perfection of the ransomware business model has created a gold-rush mentality among attackers, as growing numbers seek to cash in. Infection numbers are trending upwards, with the number of new ransomware families discovered annually reaching an all-time high of 100 in 2015,” said the authors of Symantec’s report.

The researchers note that they expect to see cases of ransomware infections move beyond computers and mobile devices as attackers seek to diversify their efforts. They noted the recent discovery of Android malware that was now being used to infect smart TVs. Smartwatches may also be on attackers’ radars.

“One worrying potential target is industrial control systems (ICS). There have already been examples of malware attacks against ICS devices, the most famous of which was Stuxnet,” the researchers added. “Given the recent emergence of targeted ransomware attacks and the potential for disruption that an ICS attack could cause, it may only be a matter of time before attackers shift their attention to this arena.”

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
Canon reportedly targeted by ransomware cyberattack
Canon EOS R5 product photo

Canon was reportedly hit by a ransomware attack that impacted emails, cloud photo and video storage, and other services. 

The attack resulted in 10TB of data stolen, according to Bleeping Computer. Customers who use Canon’s free 10GB storage feature may have been affected by this alleged attack. Canon’s email, Microsoft Teams, U.S. website, and other private databases were also reportedly affected. 

Read more
Garmin reportedly used decryption key, may have paid ransom after cyberattack
Garmin fenix 5X review wrist close up

GPS technology company Garmin is recovering from a recent ransomware attack and has reportedly received a decryption key to recover its files, suggesting it may have paid a ransom, as uncovered by Bleeping Computer.

The site found that the attackers used the WastedLocker Ransomware and reported that they demanded $10 million as a ransom. Now, it also uncovered that Garmin is using a decryption key to regain access to its files, suggesting that the company may have paid that ransom demand or some other amount. The WastedLocker software uses encryption which has no known weaknesses, so the assumption is that to break it, the company must have paid the attackers for the decryption key.

Read more