Sophos report showcases ransomware's biggest hits of 2017

03 Nov 2017

2017 was a year of ransomware on the rampage and with nasties such as NotPetya on the loose, the findings from SophosLabs 2018 Malware Forecast aren’t too surprising.

Fuelling the ransomware surge this year was Ransomware-as-a-Service, which Sophos describes as ‘big business’ on the dark web.

Would-be attackers are demanding more features from ransomware. As a result, authors are adding more capabilities, including stronger encryption and antivirus evasion techniques.

Data collected from Sophos customer computers worldwide between April and October this year showed that while ransomware mostly attacked Windows systems, other platforms, including MacOS, were not immune.

Speaking about the ongoing debate over whether Macs can be infected with malware, Sophos vice president of Product, Marty Ward, tells SecurityBrief that for more than 10 years the Windows vs Mac debate has divided opinion.

He cites the Sophos report, which shows that all operating systems have been attacked this year. It also shows that the top Mac threats are mostly potentially unwanted applications (PUAs) rather than outright malware.

Mac malware includes FkCodec, VSearcher, Keygen, Spynion and iWorkS, while PUAs included MacKeeper, Genieo, SpiGot, AdvancedMacCleaner Downloader and FakeFileOpener.

“Given the fact that most ransomware is proliferated via social engineering and in particular phishing emails, which are not specific to a particular operating system,” Ward explains.

“That said, the number of actual attacks to MacOS remains relatively low compared to the worlds of Windows and Android. Instead, we’re seeing Mac hit by a huge number of PUAs rather than straight-up malware.”

While WannaCry was the most prolific attack, Cerber has appeared on the most computers. The company describes NotPetya as a series of missteps, cracks and faults with no clear motive.

“NotPetya spiked fast and furiously, and did hurt businesses because it permanently destroyed data on the computers it hit. Luckily, NotPetya stopped almost as fast as it started. We suspect the cyber criminals were experimenting or their goal was not ransomware, but something more destructive like a data wiper,” explains Sophos security researcher Dorka Palotay.

Android ransomware accounted for 30.4% of all Android malware in September alone, and that number is expected to climb, according to SophosLabs security researcher Rowland Yu.

“One reason we believe ransomware on Android is taking off is because it’s an easy way for cyber criminals to make money instead of stealing contacts and SMS, popping up ads or bank phishing, which requires sophisticated hacking techniques. It’s important to note that Android ransomware is mainly discovered in non-Google Play markets – another reason for users to be very cautious about where and what kinds of apps they download.”

Most Android ransomware doesn’t encrypt data on the phone, but instead locks the screen. This causes people enough grief that some will pay the ransom, Yu explains.

“Sophos recommends backing up phones on a regular schedule, similar to a computer, to preserve data and avoid paying ransom just to regain access. We expect ransomware for Android to continue to increase and dominate as the leading type of malware on this mobile platform in the coming year.”

In Asia Pacific, Singapore accounted for 6.5% of ransomware circulation, followed by India (5.3%), Malaysia (2.7%), Australia (2.4%), Taiwan (2.4%) and the Philippines (1.9%).

“The bottom line for businesses? Ransomware is platform-agnostic and they need to protect themselves regardless of how, where and when they work. End user training, real-time interception of malware, anti-ransomware, and regular updates will be critical to remaining secure into 2018,” Ward concludes.