Threats to programs ransomware has emerged as the most important issue in the first quarter of 2016, outperforming (as a trend) APT (Advanced Persistent Threats). According to a Kaspersky Lab report on the malware landscape in the first quarter, 2.900 experts have identified new modified versions of ransomware programs. 
This size shows an increase of 14% compared to the previous quarter. The Kaspersky Lab database currently contains approximately 15.000 modified versions of ransomware programs and the number continues to grow.
In the first quarter of 2016, Kaspersky Lab's security solutions prevented 372.602 ransomware attacks against users, whose 17% targeted the business sector. The number of attacked users increased by 30% compared to the fourth quarter of 2015.
One of the mostdata ransomware programs of this period were the Locky. Kaspersky Lab products detected "infection" attempts with this Trojan in 114 countries, which remains active even as early as May 2016.
Another ransomware program, named Petya, was interesting from a technical point of view, due to its ability to encrypt data stored on the computer, but also to replace the Master Boot Record (MBR) of the hard disk. Thus, it prevented "infected" computers from booting it functional system.
According to Kaspersky Lab's findings, the three "top" ransomware families for the first quarter were: Teslacrypt (58,4%), h CTB-Locker (23,5%) and h Cryptowall (3,4%). All three types of ransomware are spread mainly through junk mail with malicious attachments or through links that lead to "infected" websites.
"One of the reasons the programs ransomware have become so popular, is the simplicity of the "business model" used by digital criminals. Just the ransomware come in contact with the user system, there is hardly any chance of getting rid of it, without losing personal data. Also, the requirement for ransom payment to Bitcoins makes the whole process anonymous and almost undetectable, a feature particularly appealing to crooks. Another threatening trend is the "business model" Ransomware-as-a-Service (RaaS), where digital criminals pay a fee for the spread of malware or promise a percentage of ransom paid by an "infected user", commented Aleks Gostev, Chief Security Expert of the Worldwide Research and Analysis Group (GReAT).
Another reason for increasing the ransomware attacks is that users believe the threat is invincible. Businesses and individuals have no knowledge of technological countermeasures which could help prevent the "infection" and the locking of files or systems. And of course, ignorance of basic digital security rules allows criminals to speculate.
In addition to the above information on the ransomware programs, Kaspersky Lab has calculated this total level of digital malware for the first quarter of 2016 in global level. According to Kaspersky Security data Network, the malware landscape in the first quarter of 2016 was shaped like this:
- 21,2% of Internet users encountered web-based attacks at least once, smaller than 1,5 units compared to the fourth quarter of 2015.
- 44,5% of Kaspersky Lab's solution users encountered a malicious threat at least once, a size increased by 0,8 percentage points compared to the fourth quarter of 2015.
- Kaspersky Lab's solutions have proactively protected 459.970 users from fraudulent attempts by digital criminals to access online banking and steal their money.
- The share of adware programs in the total traffic of mobile threats touched the 42,7%, which made adware programs the leading mobile threat. 4.146 also found new mobile Trojan programs, a size increased by 1,7 times compared to the previous quarter. Also, the number of SMS-Trojans continues to grow.
- The number of new mobile ransomware programs increased by 1,4 times - from 1.984 in the fourth quarter of 2015 to 2.895 in the first quarter of 2016.
The full report on the landscape of digital threats (malware) in the first quarter of 2016 is available on the website securelist.com.
