Sophos report showcases ransomware's biggest hits of 2017
Fri, 3rd Nov 2017

2017 was a year of ransomware on the rampage, and with nasties such as NotPetya on the loose, the findings from the SophosLabs 2018 Malware Forecast aren't too surprising.

Fuelling the ransomware surge this year was Ransomware-as-a-Service, which Sophos describes as 'big business' on the dark web.

Would-be attackers are demanding more features from ransomware. As a result, authors are adding capabilities such as stronger encryption and antivirus evasion techniques.

Data collected from Sophos customer computers worldwide between April and October this year showed that while ransomware was mostly attacking Windows systems, other platforms – including MacOS – were not immune.

Speaking about the ongoing debate over whether Macs get infected with malware, Sophos vice president of Product, Marty Ward, tells SecurityBrief that for more than 10 years the Windows vs Mac question has divided opinion.

He cites the Sophos report, which shows that all operating systems have been attacked this year. It also shows that the top threats on Mac are potentially unwanted applications (PUAs) rather than outright malware.

Mac malware seen this year includes FkCodec, VSearcher, Keygen, Spynion and iWorkS, while PUAs included MacKeeper, Genieo, SpiGot, AdvancedMacCleaner Downloader and FakeFileOpener.

“Given the fact that most ransomware is proliferated via social engineering and in particular phishing emails, which are not specific to a particular operating system,” Ward explains.

“That said, the number of actual attacks on MacOS remains relatively low compared to the worlds of Windows and Android. Instead, we're seeing Mac hit by a huge number of PUAs rather than straight-up malware.”

While WannaCry was the most prolific attack, Cerber appeared on the most computers. The company describes NotPetya as a series of missteps, cracks and faults with no clear motive.

“NotPetya spiked fast and furiously, and did hurt businesses because it permanently destroyed data on the computers it hit. Luckily, NotPetya stopped almost as fast as it started. We suspect the cyber criminals were experimenting or their goal was not ransomware, but something more destructive like a data wiper,” explains Sophos security researcher Dorka Palotay.

Android ransomware accounted for 30.4% of all Android malware in September alone, and that number is expected to climb, according to SophosLabs security researcher Rowland Yu.

“One reason we believe ransomware on Android is taking off is because it's an easy way for cyber criminals to make money instead of stealing contacts and SMS, popping up ads or bank phishing, which requires sophisticated hacking techniques. It's important to note that Android ransomware is mainly discovered in non-Google Play markets – another reason for users to be very cautious about where and what kinds of apps they download.”

Most Android ransomware doesn't encrypt data on the phone but instead locks the screen. This causes people enough grief that some will pay the ransom, Yu explains.

“Sophos recommends backing up phones on a regular schedule, similar to a computer, to preserve data and avoid paying ransom just to regain access. We expect ransomware for Android to continue to increase and dominate as the leading type of malware on this mobile platform in the coming year.”

In Asia Pacific, Singapore accounted for 6.5% of ransomware circulation, followed by India (5.3%), Malaysia (2.7%), Australia (2.4%), Taiwan (2.4%) and the Philippines (1.9%).

“The bottom line for businesses? Ransomware is platform-agnostic and they need to protect themselves regardless of how, where and when they work. End user training, real-time interception of malware, anti-ransomware, and regular updates will be critical to remaining secure into 2018,” Ward concludes.