Risk of Ransomware Infection Greater Than Ever

Credit: Carlos Amarillo, Shutterstock

(Image credit: Carlos Amarillo, Shutterstock)

Last fall, the Cryptolocker malware terrified computer users worldwide with its ability to hold whole computers for ransom, encrypting the files on infected devices and refusing to unlock them unless victims paid a fee. 

Unfortunately, Cryptolocker is just one of many kinds of "ransomware" increasingly found worldwide. Yet another antivirus and security company has found evidence that more people are encountering ransomware on the Internet, leading to increased infections, and increased earnings for the calculating cybercriminals behind the outbreak.

MORE: Best Antivirus Software 2014

Prague-based security and antivirus company AVAST reported that in the past six weeks, its users have unknowingly encountered ransomware-infected websites 18 million times. For perspective, AVAST's antimalware products are installed on over 200 million PCs, Macs and Android devices, according to its own statistics.

"Browser ransomware is making a huge impact on AVAST users in France, most of North America, some of the Nordic countries, and Australia," wrote AVAST's Jan Sirmer in a company blog post

Browser ransomware can get on people's computers via a drive-by download that begins when users visit infected websites. Cybercriminals attach the malware to an exploit kit, or a piece of software designed to automatically search for exploits on a user's computer and find ways to ensure the download is successful.

Once installed, ransomware will "lock up" a computer, usually via an inescapable popup. Users will be told they must pay a fee to regain control of their captive computers.

Sirmer added that AVAST's software had protected 500,000 users from ransomware in the past 3 months, and prevented 18,000 users from being auto-redirected to ransomware host websites in the 24 hours since his post went live.

The cybercrooks behind these ransomware campaigns are regularly changing domains on which the ransomware is hosted, and creating a new ransomware domain every 10 minutes, according to AVAST. This makes it far more difficult to trace the criminals.

But AVAST says it has isolated 117 different IP addresses hosting the ransomware domains, which come from all around the world, including Austria, Brazil, Canada and the United States.

To decrease the risk of ransomware infection, users should run an antimalware program on their computers and mobile devices. Also be sure to keep your browsers up to date, so ransomware can't use any browser exploits to get on your computer, and be wary of visiting any untrusted websites.

Email jscharr@techmedianetwork.com or follow her @JillScharr and Google+.  Follow us@TomsGuide, on Facebook and on Google+.

Jill Scharr is a creative writer and narrative designer in the videogame industry. She's currently Project Lead Writer at the games studio Harebrained Schemes, and has also worked at Bungie. Prior to that she worked as a Staff Writer for Tom's Guide, covering video games, online security, 3D printing and tech innovation among many subjects. 

  • Christopher1
    Ransomware is my worst nightmare. Nearly impossible to get rid of and some of the worst randsomware encrypts your hard drive so you lose all your data on your drive AND on any drives you connect to the computer in question.

    Computers are going to have to get much more distrustful about things, especially Flash stuff, in the future.

    Windows Vista through 8 actually have it right, pop up a UAC warning anytime a piece of software wants to install or do some specific stuff (running the first time unless it is a known good Microsoft file is one exception to the rule).
  • kyle382
    AVAST-"the internet is scary and you should be afraid of the things. To protect yourself you will need our things. 200 million people already use our things to reduce the fear....so should you."
  • Gigas Raid
    It's their own fault to begin with for visiting dodgy sites. My PC never infected by malware for more than 3 years.
  • virtualban
    And 'they' will go track torrent downloaders, but won't track ransom money to the actual bandits doing this?