In 2016, ransomware attacks on businesses tripled: the rate went from one attack every 2 minutes in January to one every 40 seconds in October. For individual users, the rate went from one attack every 20 seconds to one every 10 seconds. More than 62 new ransomware families appeared in 2016. The threat grew so aggressively that Kaspersky Lab made ransomware one of its top topics of 2016.
Kaspersky Lab's annual topic paper is part of its annual Kaspersky Security Bulletin. The Kaspersky Security Bulletin reviews the major threats and data of the past year and forecasts the threat landscape for 2017.
Among the many trends of 2016, the ransomware business model attracted many cybercriminals who lacked the skills, the capital, or the know-how to develop ransomware themselves. Under this model, code writers supply their malicious software to cybercriminals on demand, tailored to the customer's "needs". The cybercriminals spread it through spam or websites and pay a commission to the software's authors, so the developers profit as well.
Fedor Sinitsyn, a senior software analyst at Kaspersky Lab, said: “This classic ‘affiliate’ business model works as well for ransomware as it does for other types of malicious software. Victims of ransomware often pay the ransom, which keeps cash flowing through the system. As a result, it is inevitable that new ransomware appears almost every day.”
Evolution of ransomware in 2016
In 2016, ransomware continued to wreak havoc around the world, becoming more complex and diverse and posing a major threat to the data and devices of businesses and individual users.
· A significant increase in attacks on businesses. According to Kaspersky Lab, one out of every five businesses in the world has experienced an IT security incident caused by ransomware. Among small businesses, one out of every five could not get their files back even after paying the ransom.
· Some industry sectors were hit harder than others, but the study shows that there is no such thing as a low-risk sector: during this period, the highest attack rate was 23% (education) and the lowest was 16% (retail and leisure).
· “Educational” ransomware, developed so that system administrators could demonstrate ransomware attacks, was quickly picked up by cybercriminals, giving rise to ransomware such as Ded Cryptor and Fantom.
· New attack techniques seen in ransomware in 2016 include disk encryption, in which the attackers encrypt not just some files but all of them, as the Petya ransomware does. Dcryptor (also called Mamba) went one step further and locked down all the disk drives, after the attackers brute-forced passwords for remote access to the victim's computer.
· The Shade ransomware changes its approach when it discovers that an infected computer belongs to a financial services organization: instead of encrypting the victim's files, it downloads and installs spyware.
The amount of low-quality ransomware has also increased. This unsophisticated ransomware often contains software flaws, as well as errors in its ransom notes that bear on the victim's chances of recovering their data.
Fortunately, 2016 was also the year the world began to fight back. The No More Ransom project, launched in July this year, unites law enforcement agencies and security vendors to track down and disrupt ransomware together, help individual users get their data back, and undermine the cybercriminals' profit model.
Kaspersky Lab has enhanced the anti-ransomware features in the latest versions of its products for small businesses. In addition, we have released a new free anti-ransomware tool that businesses can download and use, no matter which security solution they use.