Between 200,000 and 250,000 systems have been infected by CryptoLocker ransomware in its first 100 days, with UK firms proving a popular target.
That's according to Dell SecureWorks, whose counter-threat unit (CTU) research team has examined infection rates of the malware family, which is believed to have been authored by Russian or Eastern European cybercriminals and targets English-speakers.
Victims of traditional forms of ransomware could ignore the demands and use security software to unlock the system and remove the offending malware. However, CryptoLocker changes the game by aggressively encrypting files on the victim's PC and returning control of the files to them only after they stump up for a ransom, Dell SecureWorks said.
Two attempts by its CTU team to assess the malware's global impact - one in late October and one in mid-December - suggested the UK has the second-highest number of infected systems, behind only the US. Firms in the financial, hospitality and public utilities industries are among those hit.
"Based on the presented evidence, CTU researchers estimate that 200,000 to 250,000 systems were infected globally in the first 100 days of the CryptoLocker threat," said Dell SecureWorks senior security researcher Keith Jarvis in a blog.
The ransom amount settled at $300 - or two Bitcoins (BTC) - within a few weeks of its introduction in early September, Jarvis said. Bitcoin price inflation prompted the cybercriminals to chop the ransom to 1 BTC, 0.5 BTC and finally 0.3 BTC, where it has remained.
The Bitcoins collected by the perpetrators would currently be worth $980,000, Jarvis said, although this represents a conservative estimate of the ransoms harvested because most payments have been made through MoneyPak.
A minimum of 0.4 per cent, and very likely many times that, of CryptoLocker victims are electing to pay the ransom, CTU researchers estimated.
"Early versions of CryptoLocker were distributed through spam emails targeting business professionals (as opposed to home Internet users)," Jarvis said. "The lure was often a 'consumer complaint' against the email recipient or their organisation."
Jarvis concluded: "CryptoLocker is neither the first ransomware nor the first destructive malware to wreak havoc on infected systems. However, the malware authors appear to have made sound design decisions that complicate efforts to mitigate this threat and have demonstrated a capable distribution system based on the Cutwail and Gameover Zeus botnets."