Check Point Press Releases

Check Point’s Global Threat Index Continues to Show a Surge in Ransomware

Threat research for September 2016 sees ransomware become one of the top three most common malware variants for the first time

San Carlos, CA  —  Thu, 20 Oct 2016

Check Point® Software Technologies Ltd. (NASDAQ: CHKP) today revealed that ransomware attacks continued to rise during September, as the company revealed the most prevalent malware families attacking organizations’ networks in the period.

For the first time since the research was launched, ransomware moved into the top three positions in Check Point’s index of the most prevalent malware, with the Locky ransomware accounting for 6 percent of all recognized attacks globally during September. The relative presence of ransomware attacks, within the total number of global attacks, increased by 13 percent. In line of recent trends, the number of active malware families remained high, with three new entries making the top ten, including Chanitor, a downloader for malicious payloads, the Blackhole exploit kit, and Nivdort, a multipurpose bot. For the sixth consecutive month HummingBad remained the most common malware used to attack mobile devices.

Overall, Conficker was the most prominent family accounting for 14 percent of recognized attacks; second placed, Sality, accounted for 6 percent; and third placed Locky was responsible for 6 percent. In total, the top ten families were responsible for 50 percent of all recognized attacks. 

  1. ↔ Conficker – Worm that allows remote operations and malware download. The infected machine is controlled by a botnet, which contacts its Command & Control server to receive instructions.
  2. Sality – Virus that allows remote operations and downloads of additional malware to infected systems by its operator. Its main goal is to persist in a system and provide means for remote control and installing further malware.
  3. ↑ Locky – Ransomware, which started its distribution in February 2016, and spreads mainly via spam emails containing a downloader disguised as a Word or Zip file attachment, which then downloads and installs the malware that encrypts the user files.

Mobile malware families continued to pose a significant threat to businesses mobile devices during September. The top three mobile families include:

  1. ↔ HummingBad – Android malware that establishes a persistent rootkit on the device, installs fraudulent applications and enables additional malicious activity such as installing a key-logger, stealing credentials and bypassing encrypted email containers used by enterprises.
  2. ↑Triada – Modular Backdoor for Android which grants super-user privileges to downloaded malware,and helps it to get embedded into system processes. Triada has also been seen spoofing URLs loaded in the browser.
  3. ↓ Ztorg – Trojan that uses root privileges to download and install applications on the mobile phone without the user’s knowledge.

Nathan Shuchami, Head of Threat Prevention at Check Point explained, “The continued growth in ransomware is a symptom of the number of businesses simply paying ransoms to release critical data, making it a lucrative and attractive attack vector for cybercriminals.  To remedy this, organizations need advanced threat prevention measures on networks, endpoints and mobile devices to stop malware at the pre-infection stage, such as Check Point’s SandBlast™ Zero-Day Protection and Mobile Threat Prevention solutions, to ensure that they are adequately secured against the latest threats.

“With the number of active malware families remaining high, combined with the range of attack methods used by the different families, it is clear to see the scale of the challenge organizations face in securing their network against exploitation by cybercriminals,” added Shuchami.

Check Point’s threat index is based on threat intelligence drawn from its ThreatCloud World Cyber Threat Map, which tracks how and where cyberattacks are taking place worldwide in real time.  The Threat Map is powered by Check Point’s ThreatCloudTM intelligence, the largest collaborative network to fight cybercrime, which delivers threat data and attack trends from a global network of threat sensors.  The ThreatCloud database holds over 250 million addresses analyzed for bot discovery, over 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.


Follow Check Point Research via:



About Check Point Research

Check Point Research provides leading cyber threat intelligence to Check Point Software customers and the greater intelligence community. The research team collects and analyzes global cyber-attack data stored on ThreatCloud to keep hackers at bay, while ensuring all Check Point products are updated with the latest protections. The research team consists of over 100 analysts and researchers cooperating with other security vendors, law enforcement and various CERTs.


About Check Point Software Technologies Ltd.

Check Point Software Technologies Ltd. ( is the largest network cyber security vendor globally, providing industry-leading solutions and protecting customers from cyberattacks with an unmatched catch rate of malware and other types of threats. Check Point offers a complete security architecture defending enterprises – from networks to mobile devices – in addition to the most comprehensive and intuitive security management. Check Point protects over 100,000 organizations of all sizes.


This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.