Ransomware is on the rise according the the latest report from enterprise threat protection specialist Damballa, with an increase in average daily infections of the Kovter infection of 153 per cent between April and May this year.
Kovter is "police ransomware" that displays fake legal warnings about pornography. At its peak of activity in June it was recording almost 44,000 infections per day. But while Kovter was thriving CryptoLocker was dealt a blow by the taking down of the GameOver Zeus botnet.
The report heralds the taking down of GoZ as a new era for cyber security and partnerships between public and private enterprises, but points out that the industry can’t be complacent. Already new variants of GoZ are appearing in an attempt to re-establish the botnet.
Read more: Second generation ransomware now in the wild
The report also looks at infection rates for enterprises and reveals that the size of an organisation has no bearing on number of malware infections. In the second quarter of 2014 Damballa saw enterprises with 200,000+ devices experience only a handful of infections and those with under 600 devices have alarmingly high numbers of infections - and everywhere in between.
On any given day the proportion of active infected devices ranged from 0.1 per cent to 18.5 per cent which in a large company could mean thousands of infected devices. But as the report points out, "Advanced malware is designed to be evasive. It may stop communicating to its Command & Control server at any time. That's why it's critical to observe a device’s activity over time to compile definitive of infections. If you rely on security prevention controls that only watch the attack vector, you can miss some criminal activity altogether".
You can access the full report in PDF form on the Damballa website.