Kaspersky Lab has announced that in 2015, its solutions protected 443,920 users and corporate customers worldwide from crypto-ransomware, depriving cybercriminals of nearly $ 53 million in illegal earnings.
Crypto-ransomware, and the cybercriminals that use it, can create a lot of trouble for its victims. Once on the device, important files are encrypted (documents, photos, etc.) and a ransom is demanded from the affected person or company to decrypt the files.
The removal of a malicious program does not help to decrypt the damaged files, and in most cases it is impossible to restore the documents without a secret key. Data can be protected by preventing infection in the first place, or by restoring data from a backup copy.
If there is no backup copy, however, the victim often has either to accept the loss of files or to pay ransom – with no guarantee.
Depending on the type of malware, the number of encrypted files and the type of victim (a person or a company), the cost of decryption can vary from thirty to thousands of dollars.
The average ransom demanded by cybercriminals is $300, and according to various sources, at least 40% of the victims pay their ransom.
Knowing both the share of protected users who would agree to pay, and the average ransom amount, it is easy to calculate that in 2015 Kaspersky Lab saved $53 mln for its clients.
"The spread of ransomware has been caused by simplicity of monetization and impunity. In most cases, ransoms demanded in cryptocurrency (e.g. in bitcoins) makes it impossible to track the cybercriminal. We strongly recommend the victims not to pay, as it does not guarantee that cybercriminals will decrypt the files, and it does contribute to the development of this illegal business. Instead, we recommend users to be prepared for a situation like this in advance. Make regular backups using dedicated media and cloud storage, and use a reliable security solution, which does not allow malware to make its dirty work", comments Vyacheslav Zakorzhevsky, Head of Anti-Malware team at Kaspersky Lab.
Kaspersky Lab solutions integrate special technology that can help protect files even if infected with unknown and very "tricky" malware.
Most encryptors are “caught” when attempting to penetrate the device – by web antivirus, mail antivirus or file antivirus. If the malicious program is distributed via exploit packs that use system or installed software vulnerabilities, is it blocked by the Automatic Exploit Prevention technology, preventing the encryptor from accessing the device.
Even if some programs manage to penetrate the device and try to change user files, Kaspersky Lab's technology creates a protected copy, which is then used to automatically restore the files after the removal of malware.
This technology is part of the System Watcher module integrated in all the latest Kaspersky Lab products for Windows. It protects files from extortionist malware, and protects users from the necessity to pay the ransom. In corporate solutions, this technology prevents the proliferation of threats from one infected device to other devices - the server and network folders.
For maximum protection, Kaspersky Lab recommends home users and corporate clients to always keep this module turned on.