Ransomware cash demands up 266 per cent in 2016 - Symantec

Cyber criminals up ransom demands as ransomware-as-a-service becomes increasingly easy to access

The average amount demanded by cyber criminals distributing ransomware shot up 266 per cent, according to Symantec.

In its most recent Internet Security Threat report, Symantec said that in 2015 the average amount demanded to decrypt data on ransomware-hit machines was $294. The figure, however, rose to $1,077 in 2016, driven by one particular demand set at $28,730.

Symantec said that the increase can be partly attributed to the ease with which payments can now be received, as shown in a recent CRN article which demonstrated the simplicity of some ransomware-as-a-service websites available on the dark web.

The vendor, however, warned that payment does not necessarily guarantee that your data will be decrypted.

"Willingness to pay the ransom has to be a major reason for the increase in ransom demands," the report stated. "Ransom payment has also become easier to manage.

"To encourage victims to pay, attackers often now offer support on how to pay the fee and the wider availability of payment broker services makes it even easier to use Bitcoin, especially now that Bitcoin is not as obscure as it used to be.

"Attackers have also become more creative in their attempts to extract more from victims, with several newer ransomware families featuring variable ransom demands. For example, Cerber will double its ransom demand from 1.25 bitcoin (US$1,255) to 2.5 bitcoin after five days if the ransom remains unpaid."

Dark clouds

Symantec also highlighted a growing reliance on cloud as key to the growing success of ransomware.

According to the vendor's research, CIOs on average believe their organisation to be running around 40 cloud apps, when the figure is actually closer to 1,000.

This lack of awareness is leading to inadequate cloud protocols, making the applications vulnerable to attacks, according to Symantec.

"This disparity can lead to a lack of policies and procedures for how employees access cloud services, which in turn makes cloud apps riskier," the report said. "A growing reliance on cloud services has left organizations open to attacks.

"Tens of thousands of cloud databases from a single provider were hijacked and held for ransom in 2016 after users left outdated databases open on the internet without authentication turned on."

As well as exploiting cloud potential, cyber criminals have also shifted their focus to more commonly used methods of computing - particularly emails.

Symantec found that in 2016 one in every 131 emails contained some form of malicious link or attachment - up from one in 220 in 2015.

"This increase in email-borne malware is driven largely by a professionalisation of malware spamming operations," Symantec said.

"Malware authors can outsource their spam campaigns to specialised groups who conduct major spam campaigns.

"The sheer scale of email malware operations indicates that attackers are making considerable profits from these kinds of attacks and email is likely to continue to be one of the main avenues of attack in 2017."