Last fall, the Cryptolocker malware terrified computer users worldwide with its ability to hold whole computers for ransom, encrypting the files on infected devices and refusing to unlock them unless victims paid a fee.
Unfortunately, Cryptolocker is just one of many kinds of "ransomware" increasingly found worldwide. Yet another antivirus and security company has found evidence that more people are encountering ransomware on the Internet, leading to increased infections, and increased earnings for the calculating cybercriminals behind the outbreak.
Prague-based security and antivirus company AVAST reported that in the past six weeks, its users have unknowingly encountered ransomware-infected websites 18 million times. For perspective, AVAST's antimalware products are installed on over 200 million PCs, Macs and Android devices, according to its own statistics.
"Browser ransomware is making a huge impact on AVAST users in France, most of North America, some of the Nordic countries, and Australia," wrote AVAST's Jan Sirmer in a company blog post (opens in new tab).
Browser ransomware can get on people's computers via a drive-by download that begins when users visit infected websites. Cybercriminals attach the malware to an exploit kit, or a piece of software designed to automatically search for exploits on a user's computer and find ways to ensure the download is successful.
Once installed, ransomware will "lock up" a computer, usually via an inescapable popup. Users will be told they must pay a fee to regain control of their captive computers.
Sirmer added that AVAST's software had protected 500,000 users from ransomware in the past 3 months, and prevented 18,000 users from being auto-redirected to ransomware host websites in the 24 hours since his post went live.
The cybercrooks behind these ransomware campaigns are regularly changing domains on which the ransomware is hosted, and creating a new ransomware domain every 10 minutes, according to AVAST. This makes it far more difficult to trace the criminals.
But AVAST says it has isolated 117 different IP addresses hosting the ransomware domains, which come from all around the world, including Austria, Brazil, Canada and the United States.
To decrease the risk of ransomware infection, users should run an antimalware program on their computers and mobile devices. Also be sure to keep your browsers up to date, so ransomware can't use any browser exploits to get on your computer, and be wary of visiting any untrusted websites.