Browser Ransomware Attacks are Massive in Scale

avast! Virus Lab infographic shows how prolific and wide-spread Browser Ransomware attacks have been over the last three months.

AttentionLeaving page alert

During December I wrote about the tricks and tactics of Browser Ransomware. Browser Ransomware is malware that works in different types of browsers to prevent people from using their PCs. To get access back to their own PC, the victim of this malware must pay a ransom to unblock it. The key to success for this attack is its translations into many different languages, giving the cybercrooks a bigger pool of potential victims.

Today I would like to look back on Browser Ransomware attacks and share some data from our avast! CommunityIQ with you.

We detect Ransomware attacks using several different methods.  The detections I checked were created January 30, 2014. I was really surprised at the huge impact this attack has had on AVAST users.

  • In a little under 3 months, AVAST protected more than a half million unique users around the world from Ransomware attacks.
  • In the past 6 weeks, AVAST users have unknowingly visited a site with Ransomware on it over 18 million times.
  • During last 24 hours, AVAST stopped redirection from infected sites to sites hosting Ransomware for more than 18,000 unique users.

avast! Virus Lab looks at Browser Ransomware


Cybercrooks behind the attacks continually change the domains which hosts the locker. Every ten minutes approximately one new domain is created, and these numbers are slightly growing.Users are then redirected to the new domain.

These days the malicious domains are hosted on 117 different IP addresses. These IP addresses are distributed around the world from Austria to Brazil to Canada. These are addresses in Montreal, Canada and Denver, Colorado.

Browser Ransomware use malicious domains on 117 IP addresses.This example shows hosted domains on one of the IP addresses.

hosted sites

This map shows the location of users who have had close-calls with infected sites over the last five days. Browser ransomware is making a huge impact on AVAST users in France, most of North America, some of the Nordic countries, and Australia.


Examining the data since the detection was created shows the huge amount of users visiting ransomware infected domains in North America, but an even higher number of users were from Poland. Additional hotspots with considerable numbers are Italy, Canada, some countries in Africa, South America and Russia.



avast! Antivirus users are protected from visiting sites with Ransomware, but you should never forget that every computer user can be affected by new criminal tactics. In that case only common sense can help protect your data, money, and computers.

French version of Browser ransomware:

SHA256  a39ef2658b72bc0966a92f80329d276ea27344d7d62b9021475630d29397a7cb

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

Leave a Reply