Microsoft reports that the number of ransomware attacks on Windows computers has decreased. The company bases the information on data collected by Windows Defender, the built-in antivirus application in Windows. The software giant previously named ransomware as one of the largest threats of 2016 and millions of PCs were attacked (which included both attempts and actual infections) by the relative new type of malware.
From September last year the number of Windows computers that came in contact with ransomware has decreased. According to Microsoft this is because the emails used to distribute ransomware are blocked earlier by the spam filters of mail servers. This way users are no longer seduced to open files or follow links that lead to a ransomware infection.
Also the usage of exploit kits to distribute ransomware has decreased. With exploit kits cybercriminals try to infect users with ransomware through vulnerabilities in unpatched versions of Flash Player, Internet Explorer and Silverlight. Usage of exploitkit has decreased the last half year after the group behind the popular Angler exploit kit was arrested.
Microsoft warns that the threat of ransomware is not over, despite the decrease of ransomware attempts. Cybercriminals continue to try to infect regulars but have also expanded their working area to other platforms like servers. They also try new ways of distribution e.g. by using Skype or USB sticks.
The most popular ransomware variants that Microsoft detected are Locky, Tescrypt, Reveton, Cerber and Crowti and most attempts to infect users with the malware took place in the United States.
