A US cyber-security firm Fortinet reported that today’s top ransomware families are CryptoWall, Locky, and TeslaCrypt.
The security company collected the data using its Intrusion Prevention System (IPS) system. The experts logged traffic from infected machines to IPs known to belong to ransomware C&C servers.
The collected information does not indicate the number of infected victims, though it shows in quantitative form, the amount of traffic exchanged between infected machines and their server.
According to the security company, between February 17, when the Locky ransomware was noted first, up to March 2, the most active ransomware campaign belonged to the CryptoWall family which amounted to 83.45% of all connections. So, it is not surprising that CryptoWall takes the number one spot in top 3 ransomware list.
CryptoWall is an old and battle-tested ransomware family, which was sold to affiliate groups. Lots of hackers trust it due to its efficiency and constant updates that allow it to avoid being cracked by security specialists.
Another interesting fact is that Locky usage skyrockets as it takes over Dridex botnet. The surprise was recorded at the number two spot, where the two-weeks-old Locky got 16.47% of the total 18.6 million logged connections.
This meteoric rise is due to the fact that Locky replaced the Dridex banking trojan, and is currently distributed via a well-oiled spam operation that’s been active for two years and run by professional malware operators.
The last one in the top 3 ransomware families is TeslaCrypt, which unexpectedly accounted only for 0.08% of all the connections, despite having a strong start of the year, benefiting from a massive campaign that saw its operators hijack countless of WordPress and Joomla sites to distribute their ransomware.
According to security researchers, most victims of the three ransomware families are located in USA, though Japan, Canada, and Mexico are seriously affected as well.