Locky, one of the latest file encrypting malware families to hit the virtual streets, has become the second biggest player on the ransomware landscape, researchers at Fortinet reveal.
CryptoWall, which has been on the malware scene for a few years now, still holds the top spot when it comes to ransomware threats, while TeslaCrypt rounds out the top three most used file-encrypting malicious programs at the moment.
Over a two-week period between Feb. 17 and Mar. 2, Locky grew from a newcomer into a significant threat to users worldwide.
According to a blog post from Fortinet’s Roland Dela Paz, the security firm’s statistics reveal that 16.47 percent of the total 18.6 million hits collected from the three major ransomware families belong to Locky. CryptoWall is at the top with 83.45 percent of these hits, while TeslaCrypt fell to the third position with only 0.08 percent of hits.
Locky emerged in mid-February, when researchers at BleepingComputer detailed it as a new piece of ransomware capable of encrypting both local files and files on network shares, even if they are unmapped. Like CryptoWall 4.0, the malware was observed encrypting filenames as well, thus making it more difficult for users to restore their data.
At the moment, Locky is being distributed via malicious documents attached to spam emails and is hitting users worldwide. The United States is the most affected country, accounting for over 51 percent of Locky infections, with France (16 percent) and Japan (9.7 percent) also among the top three most affected countries. Slovakia and Canada round out the top five, Fortinet said.
CryptoWall has been a dominating threat in the ransomware landscape for over a year, and researchers estimate that its operators have made over $325 million in profits. Version 4.0 of the malware was released in October 2015 and started being distributed via the Nuclear exploit kit (EK) soon after, while being added to the Angler EK in January of this year.
While analyzing the CryptoWall infections, Fortinet discovered that the U.S. is once again the most affected country, with over 44 percent of infections, followed by Japan (8.6 percent) and Turkey (7.9 percent). Spain (5.5 percent) and Mexico (4.6 percent) are among the top five most affected regions.
Although accounting for a small number of infections, TeslaCrypt was recently added as the malicious payload in some Angler variants, and might soon regain more market share. In December, researchers observed that it was being delivered via a recently patched Adobe Flash exploit, which was added to the Angler EK only days after Adobe closed the vulnerability.
Over the aforementioned two-week window, most TeslaCrypt infections were observed in Korea (39.9 percent), Fortinet researchers reveal. The U.S. (14.6 percent), Turkey (14 percent), Canada (12.1 percent) and Japan (2.7 percent) are also among the most affected countries.
