India is ranked sixth in terms of ransomware circulation as per SophosLabs 2018 Malware Forecast 2017, a report that recaps ransomware and other cybersecurity trends based on data collected from Sophos customers worldwide during April 1 to October 3, 2017. The market is led by the US, the UK, Belgium, Singapore and Indonesia.
India is in the sixth position with 4.8 per cent ransomware circulation whereas the US is ranked No. 1 with 17.2 per cent and Australia is placed at No. 10 with 2.4 per cent.
According to the findings, two things have come out clearly. First, two strains of ransomware were responsible for 89.5 percent of all the attacks intercepted on Sophos customer computers worldwide. Second, ransomware predominately attacked Windows systems in the last six months but Android, Linux and MacOS platforms were also not immune to ransomware attack.
“Ransomware has become platform-agnostic. Ransomware mostly targets Windows computers, but this year, SophosLabs saw an increased amount of crypto-attacks on different devices and operating systems used by our customers worldwide,” said Dorka Palotay, SophosLabs security researcher and contributor to the ransomware analysis in the SophosLabs 2018 Malware Forecast.
Global Ransomware Circulation:
Rank – Country – %age
1. US – 17.2
2. UK – 11.1
3. Belgium – 8.6
4. Singapore – 6.5
5. Indonesia – 5.3
6. India – 4.8
7. Germany – 2.9
8. Netherlands – 2.8
9. Malaysia – 2.7
10. Australia – 2.4
Source: SophosLabs 2018 Malware Forecast
WannaCry, unleashed in May 2017, was the number one ransomware intercepted from customer computers, dethroning long time ransomware leader Cerber, which first appeared in early 2016. WannaCry accounted for 45.3 percent of all ransomware tracked through SophosLabs with Cerber accounting for 44.2 percent.
“For the first time we saw ransomware with worm-like characteristics, which contributed to the rapid expansion of WannaCry. This ransomware took advantage of a known Windows vulnerability to infect and spread to computers, making it hard to control,” said Palotay.
“Even though our customers are protected against it and WannaCry has tapered off, we still see the threat because of its inherent nature to keep scanning and attacking computers. We’re expecting cyber criminals to build upon this ability to replicate seen in WannaCry and NotPetya, and this is already evident with Bad Rabbit ransomware, which shows many similarities to NotPetya,” added Palotay.
Cerber, sold as a ransomware kit on the Dark Web, remains a dangerous threat. The creators of Cerber continuously update the code and they charge a percentage of the ransom that the “middle-men” attackers receive from victims. Regular new features make Cerber not only an effective attack tool, but perennially available to cyber criminals.
Sophos strongly advises against paying for ransomware and recommends best practices instead, including backing up data and keeping patches up to date.
Android ransomware is also attracting cyber criminals. According to SophosLabs analysis, the number of attacks on Sophos customers using Android devices increased almost every month in 2017.
“In September alone, 30.4 percent of malicious Android malware processed by SophosLabs was ransomware. We’re expecting this to jump to approximately 45 percent in October,” said Rowland Yu, a SophosLabs security researcher and contributor to the SophosLabs 2018 Malware Forecast.
“One reason we believe ransomware on Android is taking off is because it’s an easy way for cyber criminals to make money instead of stealing contacts and SMS, popping ups ads or bank phishing which requires sophisticated hacking techniques. It’s important to note that Android ransomware is mainly discovered in non-Google Play markets – another reason for users to be very cautious about where and what kinds of apps they download,” commented Yu.
“Sophos recommends backing up phones on a regular schedule, similar to a computer, to preserve data and avoid paying ransom just to regain access. We expect ransomware for Android to continue to increase and dominate as the leading type of malware on this mobile platform in the coming year,” added Yu.
Enterprises must continue to educate employees and end users on the social engineering tactics attackers use to trick them into downloading malware. Corporates must also continue to keep track of vulnerabilities and patches that affect their systems.