Ransomware continues to spread quickly and widely across the world, tightening its hold on the data and devices of both individuals and businesses.
Over the last year, ransomware has grown in sophistication and diversity. Kaspersky's Security Bulletin the evolution of ransomware, including key developments from the last 12 months, including the main trends and discoveries, as well as what measures are being taken to fight back against it.
A business is attacked by ransomware every 40 seconds
Attacks on businesses increased three-fold between January and the end of September, rising from an attack every two minutes to one every 40 seconds. For individuals, the rate of increase went from every 20 seconds to every 10 seconds. Overall, 23.9% of ransomware attacks are targeting corporates, up from 17% at the beginning of 2016.
.
A quarter of all users were attacked by CTB-Locker ransomware
Cerber and Locky arrived in the early spring; nasty, virulent strains of ransomware that are propagated widely through spam attachments and exploit kits. CryptXXX appeared a little later on, but established itself with the other two as a major player', targeting individuals and corporates. All three families continue to evolve alongside well-established incumbents such as CTB-Locker, CryptoWall and Shade.
.
42% of small and medium-sized businesses were hit by ransomware last year
According to Kaspersky Lab research, in 2016, one in five businesses worldwide suffered an IT security incident as a result of a ransomware attack. As a result, small and medium-sized businesses are increasingly struggling with ransomware attacks, with 42% of them being hit by ransomware in the last 12 months. Of those affected, 32% paid the ransom, but one in five never got their files back, even after paying.
.
The number of new ransomware modifications has increased by eleven-fold
62 new ransomware families appeared in 2016, bringing with them a vast increase in the number of new ransomware modifications: 32,091 in Q3 from 2,900 in Q1, an increase of 11-fold. Locky ransomware, a new addition last spring, has so far been spread across 114 countries.
.
One in five IT and education businesses was affected by ransomware
Social engineering and human error remain key factors in corporate vulnerability. One in five cases involving significant data loss came about through employee carelessness or lack of awareness. Some industry sectors, including education and IT/telecoms are harder hit than others, but the research shows that all industries are at risk; there's no such thing as a low-risk sector any more.
-
AI is helping bad bots take over the internetNews Automated bot traffic has surpassed human activity for the first time in a decade, according to Imperva
-
Two years on from its Series B round, Hack the Box is targeting further growthNews Hack the Box has grown significantly in the last two years, and it shows no signs of slowing down
-
‘Phishing kits are a force multiplier': Cheap cyber crime kits can be bought on the dark web for less than $25 – and experts warn it’s lowering the barrier of entry for amateur hackersNews Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Healthcare systems are rife with exploits — and ransomware gangs have noticedNews Nearly nine-in-ten healthcare organizations have medical devices that are vulnerable to exploits, and ransomware groups are taking notice.
-
Alleged LockBit developer extradited to the USNews A Russian-Israeli man has been extradited to the US amid accusations of being a key LockBit ransomware developer.
-
February was the worst month on record for ransomware attacks – and one threat group had a field dayNews February 2025 was the worst month on record for the number of ransomware attacks, according to new research from Bitdefender.
-
CISA issues warning over Medusa ransomware after 300 victims from critical sectors impactedNews The Medusa ransomware as a Service operation compromised twice as many organizations at the start of 2025 compared to 2024
-
Warning issued over prolific 'Ghost' ransomware groupNews The Ghost ransomware group is known to act fast and exploit vulnerabilities in public-facing appliances
-
The Zservers takedown is another big win for law enforcementNews LockBit has been dealt another blow by law enforcement after Dutch police took 127 of its servers offline
-
There’s a new ransomware player on the scene: the ‘BlackLock’ group has become one of the most prolific operators in the cyber crime industry – and researchers warn it’s only going to get worse for potential victimsNews Security experts have warned the BlackLock group could become the most active ransomware operator in 2025
