PC crypto-ransomware also grew 5.5 times

Jun 29, 2016 22:10 GMT  ·  By

Mobile ransomware attacks targeting Android users have grown four times compared to the same period of last year, and most of these attacks can be attributed to only four strains of Android ransomware.

According to a recent Kaspersky Lab study, Android ransomware has hit 136,532 users in the 2015-2016 period, increasing from 35,413 victims recorded in the 2014-2015 period.

Most of the affected users were located in the United States, followed by Germany, Canada, and the United Kingdon.

Four Android ransomware variants accounted for 90% of all infections

Comparing Android ransomware infections to the rest of Android malware infections, the proportion of ransomware attacks grew from 2.04 percent in 2014-2015 to 4.63 percent in 2015-2016.

When Kaspersky started monitoring these infections in April 2014, the company was detecting just a few users per month, sometimes even zero. In March 2016, the company reported seeing over 30,000 Android ransomware infections each month.

Nine out of ten of these infections occurred because users got infected with one of four malware strains: Small, Fusob, Pletor, and Svpeng.

PC ransomware is even more active

For desktop users, the situation is even bleaker. In a similar report released last week, the security vendor announced it saw a 5.5 times increase in crypto-ransomware, with 718,536 users hit between April 2015 and March 2016.

Taking all ransomware variants into account, the screen-lockers, not just crypto-ransomware, Kaspersky says it detected 2,315,931 infected users across the world in the same period. This number is higher by 17.7 percent, with the company having recorded 1,967,784 infected users from April 2014 to March 2015.

Crypto-ransomware hit the hardest users located in the United States, Germany, and Italy.

During the past year, the most popular crypto-ransomware family was the now-defunct TeslaCrypt, followed by CTB-Locker, Scatter, Cryakl, CryptoWall, Shade, Mor, Aura, Locky, and Lortok. TeslaCrypt instances accounted for almost a half while CTB-Locker accounted for one-fifth of all infected users.

Android ransomware evolution
Android ransomware evolution

Ransomware statistics (3 Images)

Android ransomware quadrupled in the last 12 months
Android ransomware evolutionPC ransomware evolution
Open gallery