Recently, some ransomware programs even gained worm-like, self-spreading capabilities. Once such threat is called ZCrypt and it copies itself to external USB drives, from where it's executed via rogue autorun.inf files.
By running a very large number of ransomware samples in a laboratory environment, the Exabeam researchers have also observed some interesting trends: for example, a recent increase in the ransom price.
"Two or three months ago most ransom values were between 0.4 and 1 bitcoin," said Barry Shteiman, the head of threat research at Exabeam. "That changed over the past month, the price now being between 2 and 5 bitcoins."
This could also be driven by the fact that many ransomware authors are now focused on targeting businesses, and companies are willing and able to pay more than consumers in order to recover critical business files.
Another interesting observation is that no new ransomware installer remains functional for more than a day.
This indicates that "ransomware campaigns are changing every day," Shteiman said. "It's like their creators work in DevOps mode, releasing new code to their spamming partners every day."
Source: CSO Online
Sign up for CIO Asia eNewsletters.