Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

May 12th, 2014

Browser Ransomware Attacks are Massive in Scale

avast! Virus Lab infographic shows how prolific and wide-spread Browser Ransomware attacks have been over the last three months.

AttentionLeaving page alert

During December I wrote about the tricks and tactics of Browser Ransomware. Browser Ransomware is malware that works in different types of browsers to prevent people from using their PCs. To get access back to their own PC, the victim of this malware must pay a ransom to unblock it. The key to success for this attack is its translations into many different languages, giving the cybercrooks a bigger pool of potential victims.

Today I would like to look back on Browser Ransomware attacks and share some data from our avast! CommunityIQ with you.

We detect Ransomware attacks using several different methods.  The detections I checked were created January 30, 2014. I was really surprised at the huge impact this attack has had on AVAST users.

  • In a little under 3 months, AVAST protected more than a half million unique users around the world from Ransomware attacks.
  • In the past 6 weeks, AVAST users have unknowingly visited a site with Ransomware on it over 18 million times.
  • During last 24 hours, AVAST stopped redirection from infected sites to sites hosting Ransomware for more than 18,000 unique users.

avast! Virus Lab looks at Browser Ransomware

 

Cybercrooks behind the attacks continually change the domains which hosts the locker. Every ten minutes approximately one new domain is created, and these numbers are slightly growing.Users are then redirected to the new domain.

These days the malicious domains are hosted on 117 different IP addresses. These IP addresses are distributed around the world from Austria to Brazil to Canada. These are addresses in Montreal, Canada and Denver, Colorado.

Browser Ransomware use malicious domains on 117 IP addresses.This example shows hosted domains on one of the IP addresses.

hosted sites

This map shows the location of users who have had close-calls with infected sites over the last five days. Browser ransomware is making a huge impact on AVAST users in France, most of North America, some of the Nordic countries, and Australia.

Ransomware

Examining the data since the detection was created shows the huge amount of users visiting ransomware infected domains in North America, but an even higher number of users were from Poland. Additional hotspots with considerable numbers are Italy, Canada, some countries in Africa, South America and Russia.

Ransomware_all

 

avast! Antivirus users are protected from visiting sites with Ransomware, but you should never forget that every computer user can be affected by new criminal tactics. In that case only common sense can help protect your data, money, and computers.

French version of Browser ransomware:

SHA256  a39ef2658b72bc0966a92f80329d276ea27344d7d62b9021475630d29397a7cb

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

  1. May 12th, 2014 at 22:09 | #1

    We should all be happy that avast! has our back. We also need to remember that the best offense is a good defense. For Crypto Locker the only valid offense is a secure backup strategy. You also need to remember to disconnect from the internet before you create your backup and, disconnect your external USB Hard Drive from your computer after creating the backup.
    The backup could be encrypted if you get infected by Crypto Locker and the external usb connected HD is still connected to your computer.
    Stay safe, be free.

Comments are closed.