INTELLIGENT BRANDS // Enterprise Security
No platform immune from ransomware, according to SophosLabs 2018 Malware Forecast

Sophos has released its SophosLabs 2018 Malware Forecast, a report that recaps ransomware and other cybersecurity trends based on data collected from Sophos customer computers worldwide from 1 April to 3 Oct, 2017. “Ransomware has become platform-agnostic. Ransomware mostly targets Windows computers, but this year, SophosLabs saw an increased amount of crypto-attacks on different devices and operating systems used by our customers worldwide,” said Dorka Palotay, SophosLabs Security Researcher and contributor to the ransomware analysis in the SophosLabs 2018 Malware Forecast.

The report also tracks ransomware growth patterns, indicating that WannaCry, unleashed in May 2017, was the number one ransomware intercepted from customer computers, dethroning long-time ransomware leader Cerber, which first appeared in early 2016. WannaCry accounted for 45.3% of all ransomware tracked through SophosLabs with Cerber accounting for 44.2%.

“For the first time we saw ransomware with worm-like characteristics, which contributed to the rapid expansion of WannaCry. This ransomware took advantage of a known Windows vulnerability to infect and spread to computers, making it hard to control,” said Palotay. “Even though our customers are protected against it and WannaCry has tapered off, we still see the threat because of its inherent nature to keep scanning and attacking computers. We’re expecting cybercriminals to build upon this ability to replicate seen in WannaCry and NotPetya, and this is already evident with Bad Rabbit ransomware, which shows many similarities to NotPetya.”

The SophosLabs 2018 Malware Forecast reports on the acute rise and fall of NotPetya, ransomware that wreaked havoc in June 2017. NotPetya was initially distributed through a Ukrainian accounting software package, limiting its geographic impact. It was able to spread via the EternalBlue exploit, just like WannaCry, but because WannaCry had already infected most exposed machines there were few left unpatched and vulnerable. The motive behind NotPetya is still unclear because there were many missteps, cracks and faults with this attack.

“NotPetya spiked fast and furiously, and did hurt businesses because it permanently destroyed data on the computers it hit. Luckily, NotPetya stopped almost as fast as it started,” said Palotay. “We suspect the cybercriminals were experimenting or their goal was not ransomware, but something more destructive like a data wiper.”

Android ransomware is also attracting cybercriminals. According to SophosLabs analysis, the number of attacks on Sophos customers using Android devices increased almost every month in 2017.

“In September alone, 30.4% of malicious Android malware processed by SophosLabs was ransomware,” said Rowland Yu, a SophosLabs Security Researcher and contributor to the SophosLabs 2018 Malware Forecast. “One reason we believe ransomware on Android is taking off is because it’s an easy way for cybercriminals to make money instead of stealing contacts and SMS, pop-up ads or bank phishing which requires sophisticated hacking techniques.”

The SophosLabs report further indicates two types of Android attack methods emerged: locking the phone without encrypting data, and locking the phone while encrypting the data. Most ransomware on Android doesn’t encrypt user data, but the sheer act of locking a screen in exchange for money is enough to cause people grief, especially considering how many times in a single day information is accessed on a personal device.