Review of the ransomware threat situation analysis report for 2017 and the analysis report for 2017
From to 183, according to a report released by the 238 Internet Security Center, New ransomware variants and new domain names were intercepted on the computer. At least more than 4.725 million computers in China were attacked by ransomware. On average, about 14 thousand computers in China were attacked by ransomware every day.
Ransomware attack features in 2017
In May 2017, WannaCry, the permanent ransomware that affected the world, broke out on a large scale. It uses the hacker tool EternalBlue, which is allegedly stolen from the U.S. National Security Agency, to achieve fast global dissemination and cause huge losses in a short time.
Different industries suffer from the Eternal Blue ransomware worm attacks, the engineering construction industry is the most attacked industry, accounting for 20.5% of the total, followed by 17.3% of the manufacturing industry and 15.3% of the energy industry.
Ransomware with 2017 Major impact
Among the ransomware victims who seek help from the Internet Security Center, Cerber, Crysis, and WannaCry ransomware families have the most victims, accounting for 58.4% of the total. Cerber accounts for 21.0%, Crysis accounts for 19.9%, and WannaCry accounts for 17.5%.
Five communication modes
In 2017, ransomware was spread in the following ways: Server intrusion, automatic distribution of vulnerabilities and email attachments, spread through the software supply chain, and spread through Trojans.
In 2017, ransomware attacks mainly showed the following characteristics: No C2 server encryption technology was popular, the attack target was switched to government and enterprise institutions, the attack target began to be diversified, ransomware platform-based operation, and more attackers outside China.
Domestic computer users suffering from ransomware attacks spread across all provinces in China. Among them, Guangdong accounts for the highest proportion, which is 14.9%, followed by Zhejiang 8.2%, and Jiangsu 7.7%. The top 10 provinces account for 64.1% of all attacks in China.
Proportion of affected industries
According to a sample survey, the energy industry is the industry most attacked by ransomware, accounting for 42.1% of the total ransomware attacks, followed by 22.8% of the medical industry, the financial industry is 17.8%.
Among all ransomware victims who seek help from the Internet Security Center, the IT/Internet industry has the largest victims, accounting for 27.0%; followed by manufacturing, accounting for 18.6%; the proportion of the education industry is 14.8%.
Focusing on Small and Medium-sized Enterprises
In 2017, about 15% of ransomware attacks targeted small and medium-sized enterprise servers, especially those in the Crysis, xtbl, wallet, arena, and Cobra families.
Men are most prone to "poisoning"
In January to November 2017, anti-ransom services received 2325 victims of ransomware attacks for help. According to the survey, men are the most vulnerable to ransomware attacks, accounting for 90.5%, while women only account for 9.5%.
From the perspective of the victim's job position, the average employee is more than half of the total number of victims, accounting for 51.8%, followed by managers and senior managers, accounting for 33.0%, accounting for 13.4% of middle and middle-level management of enterprises, accounting, the CEO, chairman of the board, and President account for 1.8% of the total.
Which files are easily encrypted?
According to the file infection type of the victim who asked for help, 87.6% of the Office documents on the victim's computer were infected, 77.4% of the image files were infected, and 54.0% of the video files were infected, 48.7% of audio files are infected, and 8.2% of database files are infected.
Of the victims who seek help, 5.8% have already paid ransom to restore the file, and 94.2% have chosen to refuse to pay the ransom to restore the file.
This report also summarizes the Ten typical cases of ransomware attacks and emergency response. Five of them are typical cases of persistent blue attacks and responses, and the other five are typical cases of server intrusion attacks and responses.
Ransomware prediction in 2018
Ransomware attack Trend Forecast in 2018:
From the overall situation, the quality and quantity of ransomware will continue to rise, and more kill-free technologies will be used;
According to the attack characteristics, ransomware's self-propagation capability will become stronger and stronger, and the silent period will be extended;
From the perspective of attack targets, more and more types of operating systems will be attacked by ransomware, and the targeted attack capability will be even more prominent;
In addition, the economic losses caused by ransomware will increase, and the number of victims who pay the ransom will also increase. However, for various reasons, the success rate of restoring files by paying the ransom will be greatly reduced.
The following technologies are most likely to become mainstream in anti-ransomware:
Automatic Backup isolation protection technology;
Intelligent trapping technology;
Behavior tracking technology;
Smart file format analysis technology and data stream analysis technology.
For enterprise users, cloud-based immunization and password protection technologies will also play a crucial role.