No
Platform Immune from Ransomware, According to SophosLabs 2018 Malware Forecast
Platform Immune from Ransomware, According to SophosLabs 2018 Malware Forecast
·
Ransomware ravaged Windows, but attacks on Android, Linux
and MacOS systems also increased in 2017
Ransomware ravaged Windows, but attacks on Android, Linux
and MacOS systems also increased in 2017
·
Just two strains of ransomware were responsible for 89.5
percent of all attacks intercepted on Sophos customer computers worldwide
Just two strains of ransomware were responsible for 89.5
percent of all attacks intercepted on Sophos customer computers worldwide
SINGAPORE, Nov. 3,
2017
– Sophos (LSE: SOPH), a global leader in network
and endpoint security, today announced its SophosLabs 2018 Malware Forecast, a report that
recaps ransomware and other cybersecurity trends based on data collected from Sophos
customer computers worldwide during April 1 to Oct. 3, 2017. One key finding shows
that while ransomware predominately attacked Windows systems in the last six
months, Android, Linux and MacOS platforms were not immune.
2017
– Sophos (LSE: SOPH), a global leader in network
and endpoint security, today announced its SophosLabs 2018 Malware Forecast, a report that
recaps ransomware and other cybersecurity trends based on data collected from Sophos
customer computers worldwide during April 1 to Oct. 3, 2017. One key finding shows
that while ransomware predominately attacked Windows systems in the last six
months, Android, Linux and MacOS platforms were not immune.
“Ransomware has become platform-agnostic. Ransomware mostly targets
Windows computers, but this year, SophosLabs saw an increased amount of crypto-attacks
on different devices and operating systems used by our customers worldwide,”
said Dorka Palotay, SophosLabs security researcher and contributor to the ransomware
analysis in the SophosLabs 2018 Malware Forecast.
Windows computers, but this year, SophosLabs saw an increased amount of crypto-attacks
on different devices and operating systems used by our customers worldwide,”
said Dorka Palotay, SophosLabs security researcher and contributor to the ransomware
analysis in the SophosLabs 2018 Malware Forecast.
The report also tracks ransomware growth patterns, indicating that
WannaCry, unleashed in May 2017, was the number one ransomware intercepted from
customer computers, dethroning longtime ransomware leader Cerber, which first
appeared in early 2016. WannaCry accounted for 45.3 percent of all ransomware
tracked through SophosLabs with Cerber accounting for 44.2 percent.
WannaCry, unleashed in May 2017, was the number one ransomware intercepted from
customer computers, dethroning longtime ransomware leader Cerber, which first
appeared in early 2016. WannaCry accounted for 45.3 percent of all ransomware
tracked through SophosLabs with Cerber accounting for 44.2 percent.
“For the first time we saw ransomware with worm-like characteristics,
which contributed to the rapid expansion of WannaCry. This ransomware took
advantage of a known Windows vulnerability to infect and spread
to computers, making it hard to control,” said Palotay. “Even though our customers are protected against it and
WannaCry has tapered off, we still see the threat because of its inherent
nature to keep scanning and attacking computers. We’re expecting cyber
criminals to build upon this ability to replicate seen in WannaCry and NotPetya,
and this is already evident with Bad Rabbit ransomware, which shows many similarities to
NotPetya.”
which contributed to the rapid expansion of WannaCry. This ransomware took
advantage of a known Windows vulnerability to infect and spread
to computers, making it hard to control,” said Palotay. “Even though our customers are protected against it and
WannaCry has tapered off, we still see the threat because of its inherent
nature to keep scanning and attacking computers. We’re expecting cyber
criminals to build upon this ability to replicate seen in WannaCry and NotPetya,
and this is already evident with Bad Rabbit ransomware, which shows many similarities to
NotPetya.”
The SophosLabs 2018 Malware Forecast reports on the acute rise and fall
of NotPetya, ransomware that wreaked havoc in June 2017.
NotPetya
was initially distributed through a Ukranian accounting software package,
limiting its geographic impact. It was able to spread via the EternalBlue
exploit, just like WannaCry, but because WannaCry had already infected most
exposed machines there were few left unpatched and vulnerable. The motive behind
NotPetya is still unclear because there were many missteps, cracks and faults
with this attack. For instance, the email account that victims needed to
contact attackers didn’t work and victims could not decrypt and recover their
data, according to Palotay.
of NotPetya, ransomware that wreaked havoc in June 2017.
NotPetya
was initially distributed through a Ukranian accounting software package,
limiting its geographic impact. It was able to spread via the EternalBlue
exploit, just like WannaCry, but because WannaCry had already infected most
exposed machines there were few left unpatched and vulnerable. The motive behind
NotPetya is still unclear because there were many missteps, cracks and faults
with this attack. For instance, the email account that victims needed to
contact attackers didn’t work and victims could not decrypt and recover their
data, according to Palotay.
“NotPetya spiked fast and furiously, and did hurt businesses because it
permanently destroyed data on the computers it hit. Luckily, NotPetya stopped
almost as fast as it started,” said Palotay. “We suspect the cyber criminals
were experimenting or their goal was not ransomware, but something more
destructive like a data wiper. Regardless of intention, Sophos strongly advises
against paying for ransomware and recommends best practices instead, including backing up data and
keeping patches up to date.”
permanently destroyed data on the computers it hit. Luckily, NotPetya stopped
almost as fast as it started,” said Palotay. “We suspect the cyber criminals
were experimenting or their goal was not ransomware, but something more
destructive like a data wiper. Regardless of intention, Sophos strongly advises
against paying for ransomware and recommends best practices instead, including backing up data and
keeping patches up to date.”
Cerber, sold as a ransomware kit on the Dark Web, remains a dangerous
threat. The creators of Cerber continuously update the code and they charge a
percentage of the ransom that the “middle-men” attackers receive from victims.
Regular new features make Cerber not only an effective attack tool, but
perennially available to cyber criminals. “This Dark Web business model is
unfortunately working and similar to a legitimate company is likely funding the
ongoing development of Cerber. We can assume the profits are motivating the
authors to maintain the code,” said Palotay.
threat. The creators of Cerber continuously update the code and they charge a
percentage of the ransom that the “middle-men” attackers receive from victims.
Regular new features make Cerber not only an effective attack tool, but
perennially available to cyber criminals. “This Dark Web business model is
unfortunately working and similar to a legitimate company is likely funding the
ongoing development of Cerber. We can assume the profits are motivating the
authors to maintain the code,” said Palotay.
Android ransomware is also attracting cyber criminals. According to
SophosLabs analysis, the number of attacks on Sophos customers using Android
devices increased almost every month in 2017.
SophosLabs analysis, the number of attacks on Sophos customers using Android
devices increased almost every month in 2017.
“In September alone, 30.4 percent of malicious Android malware processed
by SophosLabs was ransomware. We’re expecting this to jump to approximately 45
percent in October,” said Rowland Yu, a SophosLabs security researcher and contributor
to the SophosLabs 2018 Malware Forecast. “One reason we believe ransomware on Android
is taking off is because it’s an easy way for cyber criminals to make money
instead of stealing contacts and SMS, popping ups ads or bank phishing which
requires sophisticated hacking techniques. It’s important to note that Android
ransomware is mainly discovered in non-Google Play markets – another reason for
users to be very cautious about where and what kinds of apps they
download.”
by SophosLabs was ransomware. We’re expecting this to jump to approximately 45
percent in October,” said Rowland Yu, a SophosLabs security researcher and contributor
to the SophosLabs 2018 Malware Forecast. “One reason we believe ransomware on Android
is taking off is because it’s an easy way for cyber criminals to make money
instead of stealing contacts and SMS, popping ups ads or bank phishing which
requires sophisticated hacking techniques. It’s important to note that Android
ransomware is mainly discovered in non-Google Play markets – another reason for
users to be very cautious about where and what kinds of apps they
download.”
The SophosLabs report further indicates two types of Android attack
methods emerged: locking the phone without encrypting data, and locking the
phone while encrypting the data. Most ransomware on Android doesn’t encrypt user
data, but the sheer act of locking a screen in exchange for money is enough to
cause people grief, especially considering how many times in a single day information
is accessed on a personal device. “Sophos recommends backing up phones on a
regular schedule, similar to a computer, to preserve data and avoid paying
ransom just to regain access. We expect ransomware for Android to continue to
increase and dominate as the leading type of malware on this mobile platform in
the coming year,” said Yu.
methods emerged: locking the phone without encrypting data, and locking the
phone while encrypting the data. Most ransomware on Android doesn’t encrypt user
data, but the sheer act of locking a screen in exchange for money is enough to
cause people grief, especially considering how many times in a single day information
is accessed on a personal device. “Sophos recommends backing up phones on a
regular schedule, similar to a computer, to preserve data and avoid paying
ransom just to regain access. We expect ransomware for Android to continue to
increase and dominate as the leading type of malware on this mobile platform in
the coming year,” said Yu.
For access to the full report and infographic, please go to SophosLabs 2018 Malware
Forecast.
Forecast.
Please
visit Sophos News for our detailed write-ups, 2018 Malware Forecast
Ransomware Hits Hard, Crosses Platforms and 2018 Malware Forecast Questions
and Answers.
visit Sophos News for our detailed write-ups, 2018 Malware Forecast
Ransomware Hits Hard, Crosses Platforms and 2018 Malware Forecast Questions
and Answers.
# # #
Explore Sophos’ new Machine
Learning Guide, including a
collection of articles that explain the
Learning Guide, including a
collection of articles that explain the
technology in depth.
Protect every Mac and PC in your home
with the next generation of centrally managed free internet security software, Sophos Home.
with the next generation of centrally managed free internet security software, Sophos Home.
About Sophos
Sophos is a leader in
next-generation endpoint and network security, and as the pioneer of
synchronized security develops its innovative portfolio of endpoint, network,
encryption, web, email and mobile security solutions to work better together.
More than 100 million users in 150 countries rely on Sophos solutions as the
best protection against sophisticated threats and data loss. Sophos products
are exclusively available through a global channel of more than 26,000
registered partners. Sophos is headquartered in Oxford, UK and is publicly
traded on the London Stock Exchange under the symbol “SOPH.” More
information is available at www.sophos.com.
next-generation endpoint and network security, and as the pioneer of
synchronized security develops its innovative portfolio of endpoint, network,
encryption, web, email and mobile security solutions to work better together.
More than 100 million users in 150 countries rely on Sophos solutions as the
best protection against sophisticated threats and data loss. Sophos products
are exclusively available through a global channel of more than 26,000
registered partners. Sophos is headquartered in Oxford, UK and is publicly
traded on the London Stock Exchange under the symbol “SOPH.” More
information is available at www.sophos.com.
For the LATEST tech updates,
FOLLOW us on our Twitter
LIKE us on our FaceBook
SUBSCRIBE to us on our YouTube Channel!