Sophos report showcases ransomware's biggest hits of 2017

03 Nov 17

2017 was a year of ransomware on the rampage and with nasties such as NotPetya on the loose, the findings from SophosLabs 2018 Malware Forecast aren’t too surprising.

Fuelling the ransomware surge this year was Ransomware-as-a-Service, which Sophos describes as ‘big business’ on the dark web.

Would-be attackers are demanding more from ransomware kits. As a result, authors are adding capabilities such as stronger encryption and antivirus evasion techniques.

Data collected from Sophos customer computers worldwide between April and October this year showed that while ransomware mostly attacked Windows systems, other platforms – including MacOS – were not immune.

Speaking about the ongoing debate as to whether Macs get infected with malware, Sophos vice president of Product, Marty Ward, tells SecurityBrief that for more than 10 years the Windows vs Mac debate has divided opinion.

He cites the Sophos report, which shows that all operating systems have been attacked this year. It also shows that the top Mac threats were dominated by potentially unwanted applications (PUAs) rather than outright malware.

Mac malware includes FkCodec, VSearcher, Keygen, Spynion and iWorkS, while PUAs included MacKeeper, Genieo, SpiGot, AdvancedMacCleaner Downloader and FakeFileOpener.

“Given the fact that most ransomware is proliferated via social engineering and in particular phishing emails, which are not specific to a particular operating system,” Ward explains.

“That said, the number of actual attacks to MacOS remains relatively low compared to the worlds of Windows and Android. Instead, we’re seeing Mac hit by a huge number of PUAs rather than straight-up malware.”

While WannaCry was the most prolific attack, Cerber has appeared on the most computers. The company describes NotPetya as a series of missteps, cracks and faults with no clear motive.

“NotPetya spiked fast and furiously, and did hurt businesses because it permanently destroyed data on the computers it hit. Luckily, NotPetya stopped almost as fast as it started. We suspect the cyber criminals were experimenting or their goal was not ransomware, but something more destructive like a data wiper,” explains Sophos security researcher Dorka Palotay.

Ransomware accounted for 30.4% of all Android malware detected in September alone, and that number is expected to climb, according to SophosLabs security researcher Rowland Yu.

“One reason we believe ransomware on Android is taking off is because it’s an easy way for cyber criminals to make money instead of stealing contacts and SMS, popping up ads or bank phishing, which requires sophisticated hacking techniques. It’s important to note that Android ransomware is mainly discovered in non-Google Play markets – another reason for users to be very cautious about where and what kinds of apps they download.”

Most Android ransomware doesn’t encrypt data on the phone, but instead locks the screen. This causes people enough grief that some will pay the ransom, Yu explains.

“Sophos recommends backing up phones on a regular schedule, similar to a computer, to preserve data and avoid paying ransom just to regain access. We expect ransomware for Android to continue to increase and dominate as the leading type of malware on this mobile platform in the coming year.”

In Asia Pacific, Singapore accounted for 6.5% of ransomware circulation, followed by India (5.3%), Malaysia (2.7%), Australia (2.4%), Taiwan (2.4%) and the Philippines (1.9%).

“The bottom line for businesses? Ransomware is platform-agnostic and they need to protect themselves regardless of how, where and when they work. End user training, real-time interception of malware, anti-ransomware, and regular updates will be critical to remaining secure into 2018,” Ward concludes.
