No platform is immune from ransomware. Ransomware ravaged Windows, but attacks on Android, Linux and macOS systems also increased in 2017, and just two strains of ransomware (WannaCry and Cerber) were responsible for 89.5% of all attacks, according to the SophosLabs 2018 Malware Forecast.
This year in particular has seen an increased number of crypto attacks on different devices and operating systems used by people worldwide, making cybersecurity a top priority for organisations globally. Sophos, a global leader in cybersecurity solutions, has been tracking root causes and trends around these breaches. The report, released on Thursday, recaps ransomware and other cybersecurity trends based on data collected from Sophos customer computers worldwide from 1 April to 3 October and uses the findings to predict what might happen in 2018.
According to the key findings, WannaCry, unleashed in May 2017, was the number one ransomware intercepted from customer computers, dethroning long-time ransomware leader Cerber, which first appeared in early 2016. WannaCry accounted for 45.3% of all ransomware tracked through SophosLabs, with Cerber accounting for 44.2%.
“For the first time we saw ransomware with worm-like characteristics, which contributed to the rapid expansion of WannaCry. This ransomware took advantage of a known Windows vulnerability to infect and spread to computers, making it hard to control,” said Palotay.
According to the analysis, the biggest activity spikes were in mid-May and late June, due to the outbreaks of WannaCry and NotPetya, respectively. Another spike in mid-to-late August represents a resurgence of Locky, the third most active ransomware family.
While NotPetya caused the biggest spike, it didn’t do much after that point. People couldn’t even contact the attacker about payment and decryption. The attackers also gave out an email address that didn’t work. Sophos believes its creators were merely using it to experiment – or the goal was never to create ransomware but something more destructive, like a data wiper.
Ransomware also remains a big problem for Android users. According to SophosLabs analysis, the number of attacks on Sophos customers using Android devices increased almost every month in 2017. In September alone, 30.4% of Android malware was ransomware, and this is expected to jump to approximately 45% in October. “One reason we believe ransomware on Android is taking off is because it’s an easy way for cyber criminals to make money instead of stealing contacts and SMS, popping up ads or bank phishing which requires sophisticated hacking techniques. It’s important to note that Android ransomware is mainly discovered in non-Google Play markets—another reason for users to be very cautious about where and what kinds of apps they download,” said Rowland Yu, a SophosLabs security researcher.
The SophosLabs report indicates two types of Android attack methods emerged: locking the phone without encrypting data, and locking the phone while encrypting the data. Most ransomware on Android doesn’t encrypt user data, but the sheer act of locking a screen in exchange for money is enough to cause people grief, especially considering how many times in a single day information is accessed on a personal device.