No Platform Immune from Ransomware,According to SophosLabs2018Malware Forecast

Information Technology Press Releases Thursday November 23, 2017 16:37
Bangkok--23 Nov--Sophos

Ransomware ravaged Windows, but attacks on Android, Linux and MacOS systems also increased in 2017 Just two strains of ransomware were responsible for 89.5 percent of all attacks intercepted on Sophos customer computers worldwide

Sophos (LSE: SOPH), a global leader in network and endpoint security, today announced its SophosLabs 2018 Malware Forecast, a reportthat recapsransomwareand other cybersecurity trends based on data collected fromSophos customer computersworldwide during April 1 to Oct. 3, 2017. One key finding showsthat while ransomware predominately attacked Windows systemsin the last six months, Android, Linux and MacOS platforms were not immune.

"Ransomware has become platform-agnostic. Ransomware mostly targets Windows computers, but this year, SophosLabs saw anincreased amount ofcrypto-attacks on different devices and operating systems used by our customers worldwide," said Dorka Palotay, SophosLabs security researcher and contributor to the ransomware analysis in the SophosLabs 2018 Malware Forecast.

The report also tracksransomware growth patterns, indicating that WannaCry, unleashed in May 2017,was the number one ransomware intercepted from customer computers, dethroning longtime ransomware leader Cerber, which first appeared in early 2016. WannaCry accounted for 45.3 percent of all ransomware tracked through SophosLabs with Cerber accounting for 44.2 percent.

"For the first time we saw ransomware with worm-like characteristics, which contributed to the rapid expansion of WannaCry. This ransomware took advantage of aknown Windows vulnerability to infect and spread to computers, making it hard to control," said Palotay. "Even though our customers are protected against it and WannaCry has tapered off,we still see the threatbecause of its inherent nature to keep scanning and attacking computers. We're expecting cyber criminals to build upon this ability to replicate seen in WannaCry and NotPetya, and this is already evident with Bad Rabbit ransomware, which shows many similarities to NotPetya."

The SophosLabs 2018 Malware Forecast reports on theacute rise and fall of NotPetya, ransomware that wreaked havoc in June 2017. NotPetya was initially distributed through a Ukranian accounting software package, limiting its geographic impact. It was able to spread via the EternalBlue exploit, just like WannaCry, but because WannaCry had already infected most exposed machines there were few left unpatched and vulnerable.The motive behind NotPetya is still unclear because there were many missteps, cracks and faults with this attack. For instance, the email account that victims needed to contact attackers didn't work and victims could not decrypt and recover their data, according to Palotay.

"NotPetya spiked fast and furiously, anddid hurt businesses because it permanently destroyed data on the computers it hit. Luckily, NotPetya stopped almost as fast as it started," said Palotay. "Wesuspect the cyber criminals were experimentingor their goal was not ransomware, but something more destructive like a data wiper. Regardless of intention, Sophos strongly advises against paying for ransomware and recommends best practices instead, including backing up data and keeping patches up to date."

Cerber, sold as a ransomware kit on the Dark Web, remainsa dangerous threat. The creators of Cerber continuously update the code and they charge a percentage of the ransom that the "middle-men" attackers receive from victims. Regular new features make Cerber not only an effective attack tool, but perennially available to cyber criminals."This Dark Web business model is unfortunately working and similar to a legitimate company is likely funding the ongoing development of Cerber. We can assume the profits are motivating the authors to maintain the code," said Palotay.

Android ransomware is alsoattracting cyber criminals. According to SophosLabs analysis, the number of attacks on Sophos customers using Android devices increased almost every month in 2017.

"In September alone, 30.4 percent of malicious Android malware processed by SophosLabs was ransomware. We're expecting this to jump to approximately 45 percent in October," said Rowland Yu, a SophosLabs security researcher and contributor to the SophosLabs 2018 Malware Forecast. "One reason we believe ransomware on Android is taking off is because it's an easy way for cyber criminals to make money instead of stealing contacts and SMS, popping ups ads orbank phishing which requires sophisticated hacking techniques. It's important to note that Android ransomware is mainly discovered in non-Google Play markets – another reason for users to be very cautious about where and what kinds of apps they download."

The SophosLabs reportfurther indicates two types of Android attack methods emerged: locking the phone without encrypting data, and locking the phone while encrypting the data. Most ransomware on Android doesn't encrypt user data, but the sheer act of locking a screen in exchange for money is enough to cause people grief, especially considering how many times in a single day information is accessed on apersonal device. "Sophos recommends backing up phones on a regular schedule, similar to a computer, to preserve data and avoid paying ransom just to regain access. We expect ransomware for Android to continue to increase and dominate as the leading type of malware on this mobile platform in the coming year,"said Yu.

For access to the full report and infographic, please go toSophosLabs 2018 Malware Forecast.
Please visit Sophos News for our detailed write-ups,2018 Malware Forecast Ransomware Hits Hard, Crosses Platforms and 2018 Malware Forecast Questions and Answers.

Latest Press Release

IRPC empowers 5,000 employees with digital training from SkillLane

IRPC Public Company Limited (IRPC) today has signed a cooperation agreement with SkillLane – Thailand's number one digital training platform – to digitize corporate training for their 5,000 employees. This agreement opens up opportunities for...

From Ancient Capital to High-Tech Hub: Xi#an to Host Tech-World Leaders for the Global Programmer#s Festival 2018.

On September 10th, 2018 it was announced that the ancient Silk Road capital, and China's most internationally investible city, Xi'an, will become the 'spiritual home' of programming once more as it hosts the 2nd Global Programmers Festival this October...

Polyplastics Confirms Viability of PPS for Bump-off Molding of Automotive Engine Cooling Systems

Polyplastics Co., Ltd., a leading global supplier of engineering thermoplastics, has completed an extensive study which confirms the viability of polyphenylene sulfide (PPS) for bump-off molding of automotive engine cooling systems. Polyplastics' linear...

HealthifyMe Works With CleverTap to Deliver Personalized User Experiences

CleverTap, a leading mobile marketing platform, today announced that HealthifyMe, India's largest and most loved health and fitness app, is using their advanced marketing automation platform to drive growth through personalized user experiences. (Logo:...

Join in Thailand Big Bang with ZTE together to Shape Thailand Big Data

Big Data will reshape the human society, not only a great step to intelligent digital life ,but also guiding and analyze from individual person to entire human society, and, 5G networks will also be a critical part on the map of Big Data. At Big Bang...

Related Topics