Locky, one of the latest file-encrypting malware families to hit the virtual streets, has become the second biggest player on the ransomware landscape, researchers at Fortinet reveal.
CryptoWall, which has been on the malware scene for a few years now, still holds the top spot when it comes to ransomware threats, while TeslaCrypt rounds out the top three most used file-encrypting malicious programs at the moment.
Over a two-week period between Feb. 17 and Mar. 2, Locky grew from a newcomer into a significant threat to users worldwide.
According to a blog post from Fortinet’s Roland Dela Paz, the security firm’s statistics reveal that 16.47 percent of the total 18.6 million hits collected from the three major ransomware families belong to Locky. CryptoWall is at the top with 83.45 percent of these hits, while TeslaCrypt fell to the third position with only 0.08 percent of hits.
Locky emerged in mid-February, when researchers at BleepingComputer detailed it as a new piece of ransomware capable of encrypting both local files and files on network shares, even if they are unmapped. Like CryptoWall 4.0, the malware was observed encrypting filenames as well, thus making it more difficult for users to restore their data.
At the moment, Locky is being distributed via malicious documents attached to spam emails and is hitting users worldwide. The United States is the most affected country, accounting for over 51 percent of Locky infections, with France (16 percent) and Japan (9.7 percent) also among the top three most affected countries. Slovakia and Canada round out the top five, Fortinet said.
CryptoWall has been a dominating threat in the ransomware landscape for over a year, and researchers estimate that its operators have made over $325 million in profits. Version 4.0 of the malware was released in October 2015 and started being distributed via the Nuclear exploit kit (EK) soon after, while being added to the Angler EK in January of this year.
While analyzing the CryptoWall infections, Fortinet discovered that the U.S. is once again the most affected country, with over 44 percent of infections, followed by Japan (8.6 percent) and Turkey (7.9 percent). Spain (5.5 percent) and Mexico (4.6 percent) are among the top five most affected regions.
Although accounting for a small number of infections, TeslaCrypt was recently added as the malicious payload in some Angler variants, and might soon regain more market share. In December, researchers observed that it was being delivered via a recently patched Adobe Flash exploit, which was added to the Angler EK only days after Adobe closed the vulnerability.
Over the aforementioned two-week window, most TeslaCrypt infections were observed in Korea (39.9 percent), Fortinet researchers reveal. The U.S. (14.6 percent), Turkey (14 percent), Canada (12.1 percent) and Japan (2.7 percent) are also among the most affected countries.
