Sophos report showcases ransomware's biggest hits of 2017

03 Nov 2017

2017 was a year of ransomware on the rampage and with nasties such as NotPetya on the loose, the findings from SophosLabs 2018 Malware Forecast aren’t too surprising.

Fuelling the ransomware surge this year was Ransomware-as-a-Service, which Sophos describes as ‘big business’ on the dark web.

Would-be attackers are demanding more from ransomware. As a result, authors are adding more features, including encryption and antivirus evasion techniques.

Data collected from Sophos customer computers worldwide between April and October this year showed that while ransomware was mostly attacking Windows systems, other platforms – including MacOS – were not immune.

Speaking about the ongoing debate over whether Macs get infected with malware, Sophos vice president of Product, Marty Ward, tells SecurityBrief that for more than 10 years, the Windows vs Mac debate has divided opinion.

He cites the Sophos report, which shows that all operating systems have been attacked this year. It shows that the top Mac threats include potentially unwanted applications (PUAs), rather than malware.

Mac malware includes FkCodec, VSearcher, Keygen, Spynion and iWorkS, while PUAs included MacKeeper, Genieo, SpiGot, AdvancedMacCleaner Downloader and FakeFileOpener.

“Given the fact that most ransomware is proliferated via social engineering and in particular phishing emails, which are not specific to a particular operating system,” Ward explains.

“That said, the number of actual attacks to MacOS remains relatively low compared to the worlds of Windows and Android. Instead, we’re seeing Mac hit by a huge number of PUAs rather than straight-up malware.”

While WannaCry was the most prolific attack, Cerber has appeared on the most computers. The company describes NotPetya as a series of missteps, cracks and faults with no clear motive.

“NotPetya spiked fast and furiously, and did hurt businesses because it permanently destroyed data on the computers it hit. Luckily, NotPetya stopped almost as fast as it started. We suspect the cyber criminals were experimenting or their goal was not ransomware, but something more destructive like a data wiper,” explains Sophos security researcher Dorka Palotay.

Android ransomware accounted for 30.4% of all malicious Android ransomware in September alone, and that number is expected to climb, according to SophosLabs security researcher Rowland Yu.

“One reason we believe ransomware on Android is taking off is because it’s an easy way for cyber criminals to make money instead of stealing contacts and SMS, popping up ads or bank phishing which requires sophisticated hacking techniques. It’s important to note that Android ransomware is mainly discovered in non-Google Play markets – another reason for users to be very cautious about where and what kinds of apps they download.”

Most Android ransomware doesn’t encrypt data on the phone, but instead locks the screen. This causes people enough grief that some will pay the ransom, Yu explains.

“Sophos recommends backing up phones on a regular schedule, similar to a computer, to preserve data and avoid paying ransom just to regain access. We expect ransomware for Android to continue to increase and dominate as the leading type of malware on this mobile platform in the coming year.”

In Asia Pacific, Singapore accounted for 6.5% of ransomware circulation, followed by India (5.3%), Malaysia (2.7%), Australia (2.4%), Taiwan (2.4%) and the Philippines (1.9%).

“The bottom line for businesses? Ransomware is platform-agnostic and they need to protect themselves regardless of how, where and when they work. End user training, real-time interception of malware, anti-ransomware, and regular updates will be critical to remaining secure into 2018,” Ward concludes.
