Avast: Websites loaded with PC-locking ransomware visited millions of times each week
By Jeremy Kirk
Fresh statistics from the maker of a widely used free security product show the extent to which users are encountering file-encrypting malware known as ransomware.
On Monday, Prague-based Avast said that over the past six weeks, users of its security products landed on websites hosting ransomware more than 18 million times. The company estimates 200 million Windows, Mac and Android devices have its software installed.
“Browser ransomware is making a huge impact on Avast users in France, most of North America, some of the Nordic countries, and Australia,” wrote Jan Sirmer, senior virus analyst, on a company blog.
Avast isn’t the only security company to notice an alarming uptick in ransomware attacks. Symantec and Microsoft have warned that such attacks from malware families such as Reveton, Crilock and Cryptolocker are increasingly prevalent and leave users helpless unless their files are backed up.
Sirmer wrote that Avast’s software has stopped more than 500,000 attacks in under three months. He wrote that in just the past day or so, his company’s software stopped 18,000 users from being redirected to websites hosting ransomware.
The attackers constantly change the domains that host such malware. Sirmer wrote that a new domain hosting ransomware is created every 10 minutes.
“These days the malicious domains are hosted on 117 different IP addresses,” Sirmer wrote. “These IP addresses are distributed around the world from Austria to Brazil to Canada.”
Some of the most affected users are in North America, Poland, Italy, Canada, South America, Russia and some countries in Africa.
The scammers often demand payment in bitcoin or Web-based money services to receive the key to decrypt the files. Sometimes, victims pay and do not even receive the decryption key.
To create a stronger incentive for victims to pay, the ransomware software will sometimes display a message falsely purporting to be from a law enforcement agency warning that the computer has been used for some illegal activity.
A sure-fire way to avoid problems with ransomware is to ensure files are regularly backed up. The computer’s operating system can be erased and reinstalled to wipe malware from the system.