Mobile Ransomware Continues to Evolve

Monday, June 26, 2017 @ 05:06 PM gHale


Mobile ransomware attackers are focusing assaults on wealthy countries, a new report found.

The report from April 2016 to March 2017, shows the United States was the country with the highest percentage of mobile users attacked with mobile ransomware, followed by Canada, Germany and the UK, according to the annual ransomware report by Kaspersky Lab.

RELATED STORIES
Botnet Switches Ransomware Brands
WannaCry Shuts Honda Plant
‘Hidden Cobra’ Warning Issued by Feds
ICS Malware Linked to Grid Attack

Mobile ransomware activity skyrocketed in the first quarter of 2017 with 218,625 mobile Trojan-Ransomware installation packages, which is 3.5 times more than in the previous quarter.

Despite a small reprieve, the mobile threat landscape continues its growth curve as criminals target nations with developed financial and payment infrastructures. Developed markets not only have a higher level of income, but also more advanced and widely used mobile and e-payment systems that can end up compromised in a very easy fashion.

The rise in attacks on the United States occurred largely due to the Svpeng and Fusob malware families. While Svpeng mainly targets America, Fusob initially focused on Germany, but since Q1 2017 targeted the U.S. more with 28 percent of its attacks.

In the period of 2015-2016, Germany was the country with the highest percentage of mobile users attacked with mobile ransomware (almost 23 percent), as a proportion of users attacked with any kind of mobile malware. It’s followed by Canada (almost 20 percent), the UK and the U.S., exceeding 15 percent.

This changed in 2016-2017 with the U.S. shifting from fourth to first position (almost 19 percent). Canada and Germany retained their top-three ranking with almost 19 percent and over 15 percent respectively, leaving the U.K. ranked fourth place with more than 13 percent.

“These geographical changes in the mobile ransomware landscape could be a sign of the trend to spread attacks to rich, unprepared, vulnerable or yet unreached regions. This obviously means that users, especially in these countries, should be extremely cautious when surfing the web,” said Roman Unuchek, security expert at Kaspersky Lab.

Other key findings from the report:
• The number of users who encountered ransomware between April 2016 and March 2017 rose by 11.4 percent compared to the previous 12 months (April 2015 to March 2016) – from 2,315,931 to 2,581,026 users around the world
• The proportion of users who encountered ransomware at least once out of the users who encountered malware fell by almost 0.8 percentage points, from 4.34 percent in 2015-2016 to 3.88 percent in 2016-2017
• Among those who encountered ransomware, the proportion that encountered cryptors rose by 13.6 percentage points, from 31 percent in 2015-2016 to 44.6 percent in 2016-2017
• The number of users attacked with cryptors almost doubled, from 718,536 in 2015-2016 to 1,152,299 in 2016-2017
• The number of users attacked with mobile ransomware fell by 4.62 percent from 136,532 users in 2015-2016 to 130,232

To reduce the risk of infection, users are advised to:
• Back up data regularly and always keep software updated on all devices.
• Treat email attachments, or messages from people you don’t know, with caution. If in doubt, don’t open it.
• If you fall victim to an encryptor, use a clean system to check the No More Ransom site for a decryption tool that could help get your files back.
• Business should educate employees and IT teams; keep sensitive data separate; restrict access; and back up everything, always.
• Remember that ransomware is a criminal offence and should be reported to your local law enforcement agency.



Leave a Reply

You must be logged in to post a comment.