CryptoWall, Locky Dominate Ransomware Landscape: Report

Locky, one of the latest file encrypting malware families to hit the virtual streets, has become the second biggest player on the ransomware landscape, researchers at Fortinet reveal.

CryptoWall, which has been on the malware scene for a few years now, still holds the top spot when it comes to ransomware threats, while TeslaCrypt rounds out the top three most used encrypting malicious programs at the moment.

Over a two-week period between Feb. 17 and Mar. 2, Locky grew from a newcomer into a significant threat to users worldwide.

According to a blog post from Fortinet’s Roland Dela Paz, the security firm’s statistics show that Locky accounts for 16.47 percent of the 18.6 million total hits collected from the three major ransomware families. CryptoWall is at the top with 83.45 percent of these hits, while TeslaCrypt fell to third position with only 0.08 percent of hits.

Locky emerged in mid-February, when researchers at BleepingComputer detailed it as a new piece of ransomware capable of encrypting both local files and files on network shares, even if they are unmapped. Like CryptoWall 4.0, the malware was observed encrypting filenames as well, making it more difficult for users to restore their data.

At the moment, Locky is being distributed via malicious documents attached to spam emails and is hitting users worldwide. The United States is the most affected country, accounting for over 51 percent of Locky infections, with France (16 percent) and Japan (9.7 percent) also among the top three most affected countries. Slovakia and Canada round out the top five, Fortinet said.

CryptoWall has been a dominant threat in the ransomware landscape for over a year, and researchers estimate that its operators have made over $325 million in profits. Version 4.0 of the malware was released in October 2015 and started being distributed via the Nuclear exploit kit (EK) soon after, and it was added to the Angler EK in January of this year.

While analyzing the CryptoWall infections, Fortinet discovered that the U.S. is once again the most affected country, with over 44 percent of infections, followed by Japan (8.6 percent) and Turkey (7.9 percent). Spain (5.5 percent) and Mexico (4.6 percent) are among the top five most affected regions.

Although accounting for a small number of infections, TeslaCrypt was recently added as the malicious payload in some Angler variants, and might soon regain more market share. In December, researchers observed that it was being delivered via a recently patched Adobe Flash exploit, which was added to the Angler EK only days after Adobe closed the vulnerability.

Over the aforementioned two-week window, most TeslaCrypt infections were observed in Korea (39.9 percent), Fortinet researchers reveal. The U.S. (14.6 percent), Turkey (14 percent), Canada (12.1 percent) and Japan (2.7 percent) are also among the most affected countries.
