Seeing ransomware before it strikes
August 15, 2016
By Jack Walsh

Every day, there are articles in the news about ransomware, but I’ll bet you don’t know just how prevalent this infectious menace has become.

At ICSA Labs, we’ve seen a tremendous spike in ransomware during the 2nd quarter of 2016.

That’s because we test and certify commercial security products with our advanced threat defense (ATD) testing program.  As part of our ATD program we find and use real, prodigious sources of new and little-known malware.  Then, equipped with the right set of new threats, we deliver them to vendor ATD solutions via the same means that they would be delivered to unsuspecting enterprises.  In that way we can best determine how well or how poorly commercial security solutions detect the latest malware.

ICSA Labs collects many new malicious threats from our spam trap. On average, it receives a couple hundred thousand spam messages each day.  We have developed an automated means of quickly making use of anything malicious that we find in our trap.

While the test set is varied, it reflects the proportion of the kinds and types of malware enterprises would encounter in the real world.  Lately we have found that ransomware is being delivered in zip files.

The figure below shows the number of zip files with ransomware captured during the 5-week test cycles in each of the last three quarters in which ICSA Labs performed ATD security certification testing. As you can see, there was a tremendous spike in ransomware during the 2nd quarter. That’s 35,814 spam messages with malicious zip files on average per day during the test cycle, versus 151 in Q1 2016 and 403 during Q4 2015. It’s no wonder ransomware is the big news these days!

To learn how ICSA Labs can help security products better protect from new malicious threats visit

