Friday, May 20, 2016

Ransomware Heat Map Spring 2016

Ransomware is the new darling of rogueware developers and cyber-criminals, who can afford to pay developers large sums because it has proven to be such a good source of money for them. Listen up corporations, pay your IT folks better, because talent is being sucked up by the darknet.

There has been a huge increase in the number of ransomware variants of this type, including Cryptowall, CTB-Locker, TeslaCrypt and Chimera, and now you can add Cerber to the list.
Here's the current Ransomware Heat Map for the first three months of 2016, according to Microsoft.

Image Source: Microsoft Malware Protection Center (image lightened for readability)

The numbers for the graphic above are listed in the article as a basic table that just lists total ransomware machine counts by country. That was unsatisfying because the numbers were not put in the context of the actual number of internet users in each country.

So I created the following Excel file, adding population figures by country to get a ransomware-per-internet-user (per-capita) percentage, which puts the ransomware machine count numbers in greater context.

The embedded Excel file below is revealing. Scroll to the right: a simple calculation projects ransomware at $263,753,000.00 USD for the countries listed in 2016.

This is a working (embedded) Excel file using Microsoft Excel Online's excellent share feature!


Italy has the highest ransomware infection rate per active internet user (per capita), followed by Canada and then the United States.
  1. Italy wins 1st prize for the most gullible country award, or least protected. Capisci!
  2. Canada is the 2nd most gullible country for ransomware, or least protected, eh!
  3. The USA is the 3rd most gullible country for ransomware. What??
The results do defy the commonly held belief that North Americans are the most technologically savvy internet users.
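The per-internet-user normalisation the spreadsheet performs, as an added Python example with constructed figures (not the page's spreadsheet data): it shows how a ranking by raw machine count and a ranking by infection rate can disagree, and carries an assumed flat $500 per infected machine (the Cerber demand quoted below) as an upper-bound exposure projection.

```python
from dataclasses import dataclass


@dataclass
class CountryStat:
    country: str
    machines_infected: int   # ransomware machine count reported for the period
    internet_users: int      # active internet users in the same country


# Constructed sample figures for illustration only; not the page's data.
SAMPLE = [
    CountryStat("Country A", 120_000, 250_000_000),
    CountryStat("Country B", 40_000, 35_000_000),
    CountryStat("Country C", 30_000, 30_000_000),
]


def rate_per_1000(stat: CountryStat) -> float:
    """Infected machines per 1,000 internet users (the per-capita view)."""
    return stat.machines_infected / stat.internet_users * 1000


def rank_by_count(stats):
    """Country names ordered by raw machine count, largest first."""
    return [s.country for s in sorted(stats, key=lambda s: s.machines_infected, reverse=True)]


def rank_by_rate(stats):
    """(country, rate per 1,000 users) tuples ordered by rate, highest first."""
    rows = [(s.country, round(rate_per_1000(s), 3)) for s in stats]
    return sorted(rows, key=lambda row: row[1], reverse=True)


def projected_ransom_usd(stats, avg_demand_usd: float = 500.0, pay_fraction: float = 1.0) -> float:
    """Upper-bound exposure: every infected machine pays avg_demand_usd, scaled by the
    assumed fraction of victims that pay. avg_demand_usd=500 is an assumption."""
    return sum(s.machines_infected for s in stats) * avg_demand_usd * pay_fraction


if __name__ == "__main__":
    print("by raw count:", rank_by_count(SAMPLE))   # Country A leads on volume
    print("by rate     :", rank_by_rate(SAMPLE))    # Country B leads per capita
    print("exposure USD:", projected_ransom_usd(SAMPLE))
```

With these figures the largest country by volume drops to last place once counts are divided by its user base, which is exactly the distortion the per-capita column is meant to remove.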


Recent Ransomware Threats 

Chimera Ransomware

Recently, one more joined the set of malware that encrypts a user's private files and demands a ransom to decrypt them: Chimera. Its command-and-control mechanism uses a peer-to-peer messaging system called Bitmessage, a good piece of engineering, but in the wrong hands.
  • Bitmessage is a P2P communications protocol used to send encrypted messages to another person or to many subscribers. It is decentralized and trustless, meaning that you need not inherently trust any entities like root certificate authorities. It uses strong authentication, which means that the sender of a message cannot be spoofed, and it aims to hide "non-content" data, like the sender and receiver of messages, from passive eavesdroppers like those running warrantless wiretapping programs. If Bitmessage is completely new to you, you may wish to start by reading the whitepaper.
Inner workings of Chimera

Cerber Ransomware

When your computer is infected with Cerber, the victim's data files will be encrypted using AES encryption and the victim will be told they need to pay a ransom of 1.24 bitcoins (~500 USD) to get their files back. Unfortunately, at this point there is no known way to decrypt a victim's encrypted files for free! That's why you need to be concerned.

Here's How Cerber Works in detail

