Cyber-thieves are increasingly adopting ransomware in their attacks, with over 120 separate families of ransomware currently available according to reports from the BBC.
During the last couple of weeks, McAfee Labs has noticed a considerable rise in spam related to Locky ransomware which spreads through spam campaigns.
According to the security researchers, the spam email senders craft their mails carefully in a bid to lure victims.
McAfee Labs detected the spam email Locky in March which spreads through an attachment that can evade antispam filters. It uses social engineering to trick users into opening the attachment.
Separately, others researchers have found a 3,500% rise in the criminal use of net infrastructure that assists cyber-thieves to conduct ransomware attacks.
By using malicious ransonware, cyber attackers corrupt the data on a computer of a victim and then demand payment to restore it.
The demand for payment may vary depending upon on the victim’s status. If a victim is individual, ransom demanded to restore data could be few hundred pounds and in case of business, the amount may go to few thousand pounds.
In March, Apple’s Macintosh computers were detected to have been targeted with the first fully functional ransomware after attackers infected installers with malware. Palo Alto Networks called the ransomware as "KeRanger".
Intel Security European technology head Raj Samani was quoted by BBC as saying: "Ransomware and crypto malware are rising at an alarming rate and show no signs of stopping."
Samani added that the company saw a more than 25% increase in ransomware cases in the first quarter of this year.
He criticised the increase in freely available source code for ransonware for the growing number of attacks.
A security researcher Bart Parys said: "The return on investment is very high."
Parys and his colleagues have now identified 124 types of ransomware.
He said: "It’s safe to say that certain groups are behind several ransomware programs, but not all.
"Especially now with Eda and HiddenTear copy and paste ransomware, there are many new, and often unexperienced, cybercriminals."
The amount of net infrastructure used by the hackers has also thrown light on the growth of ransonware attackers.
Infoblox, which monitors the net’s infrastructure, has found a 35-fold increase in the numbers of web domains used to host the information and payment systems.
Infoblox vice-president of security Rod Rasmussen was quoted by BBC as saying: "They use it and customise it for each attack."
"They will have their own command and control infrastructure and they might use it to generate domains for a campaign.
"Then they’ll have some kind of payment area that victims can go to."
SentinelOne founder Tomer Weingarten said that the increase in ransomware is being assisted by tricks used by cyber-thieves to escape from being detected by security software.
Weingarten said: "Traditional anti-virus software is not effective in dealing with these types of attacks."
