Australia has become a ransomware hotspot and no major platform is immune from the growing threat, according to SophosLabs’ 2018 Malware Forecast.
The report found that ransomware accounted for 57% of all cyber threats in Australia during the past six months, well ahead of the global average of 47% and almost twice as high as the previous year.
“Not surprisingly, phishing tends to be the most dominant attack vector for the proliferation of ransomware because phishing emails have become so much more convincing and believable. In fact, Australians are five times more likely to click on a phishing email than a marketing email,” Sophos VP of Products Marty Ward said.
“With 80% of Australian busophsinesses falling victim to phishing attacks, it’s important that businesses protect themselves regardless of how, where and when they work. Given the fact that most ransomware is proliferated via social engineering and in particular phishing emails, the implementation of end-user training, real-time interception of malware, anti-ransomware technology and regular system updates will be critical to remaining secure into 2018.”
Globally, the report found that while ransomware still predominately targets Windows computers, attacks against Windows, Android, Linux and MacOS systems and devices all increased during the past six months.
WannaCry dethroned ransomware leader Cerber to become the number one ransomware intercepted from SophosLabs computers, accounting for 45.3% of all ransomware. Together with Cerber (44.2%), the two strains accounted for just under nine in 10 intercepted attacks.
“For the first time we saw ransomware with worm-like characteristics, which contributed to the rapid expansion of WannaCry. This ransomware took advantage of a known Windows vulnerability to infect and spread to computers, making it hard to control,” SophosLabs Security Researcher Dorka Patolay said.
NotPetya, which used the same propagation method, could have had a similar reach had it not arrived soon after most exposed systems were patched in the wake of WannaCry. As a result it burst on to the scene with a large spike but stopped almost as soon as it started.
“We suspect the cybercriminals were experimenting or their goal was not ransomware, but something more destructive like a data wiper. Regardless of intention, Sophos strongly advises against paying for ransomware and recommends best practices instead, including backing up data and keeping patches up to date,” Patolay said.
Mobile malware is also a growing threat, with ransomware accounting for 30.4% of malicious Android malware processed by SophosLabs during September and estimated to have jumped to around 45% in October.
While most Android ransomware currently does not encrypt user data, they do lock the screen until a ransom is paid. Some variants combine the lock screen with encryption of files.
“We expect ransomware for Android to continue to increase and dominate as the leading type of malware on this mobile platform in the coming year,” SophosLabs Security Researcher Rowland Yu said.
“One reason we believe ransomware on Android is taking off is because it’s an easy way for cybercriminals to make money instead of stealing contacts and SMS, popping ups ads or bank phishing which requires sophisticated hacking techniques. It’s important to note that Android ransomware is mainly discovered in non-Google Play markets — another reason for users to be very cautious about where and what kinds of apps they download.”
Image credit: ©stock.adobe.com/au/Leo Lintang