The global ransomware epidemic continues to make waves, as last week's WannaCry attack demonstrated: In Q1 of 2017 alone, mobile ransomware attacks increased by 253%, according to a new report from Kaspersky Lab, released Monday.
Some 218,625 mobile ransomware files were detected in the first months of the year, compared to 61,832 in the previous quarter, the report found. The Congur family of ransomware—which sets or resets the device passcode, giving attackers administrator rights to the device—accounted for more than 86% of these mobile attacks. Certain variants of Congur can cause even more trouble, using administrator rights to install their module into the system folder, where it is almost impossible to remove, the report noted.
The Trojan-Ransom.AndroidOS.Fusob.h was the most widely used form of mobile ransomware, Kaspersky Lab found. This variant, once run, requests administrator privileges, collects information about the device (including GPS coordinates and call history), and uploads that data to a malicious server. The server may then send back a command to block the device, depending on how worthwhile the hacker views the data.
"The mobile threat landscape for ransomware was far from calm in Q1," said Roman Unuchek, senior malware analyst at Kaspersky Lab, in a press release. "Ransomware targeting mobile devices soared, with new ransomware families and modifications continuing to proliferate. People need to bear in mind that attackers can - and increasingly will - try to block access to their data not only on a PC but also on their mobile device."
While mobile represents a growing threat, ransomware targeting all devices, systems, and networks also continued to proliferate, as researchers detected 11 new cryptor families and 55,679 new modifications in the first months of the year.
The United States was the country hit hardest by ransomware attacks in Q1, the report found, with Svpeng ransomware representing the most widespread threat, usually demanding a ransom of $100 to $500 from victims to unlock their devices. Uzbekistan, Canada, Kazakhstan, and Italy followed the US in terms of highest number of people infected with the malware.
Attacks on Windows machines are also on the rise, with 55,679 new Windows ransomware modifications detected in Q1—a two-fold increase over the previous quarter. Another Kaspersky Lab report released Friday found that 98% of last week's WannaCry/WannaCrypt victims were running Windows 7, and likely missed a security patch released earlier in 2017.
Overall, Kaspersky Lab detected 479,528,279 malicious attacks from online resources, located in 190 countries worldwide.
To avoid ransomware attacks, the report advised users to do the following:
1. Use robust security solutions, and make sure they keep all software up to date.
2. Regularly run a system scan to check for possible infection.
3. Stay wise while online. Do not enter personal information into a website if you are at all unsure or suspicious.
4. Back up valuable information.
The 3 big takeaways for TechRepublic readers
1. Mobile ransomware attacks increased 3.5 times in Q1 of 2017, according to a new study from Kaspersky Lab, released Monday.
2. Ransomware targeting all devices, systems, and networks is also on the rise, with 11 new cryptor families and 55,679 new modifications detected in the first months of the year.
3. To avoid ransomware attacks, users should consider using strong security systems, keeping software up to date, regularly running system scans, and backing up valuable information.
- WannaCry: The smart person's guide (TechRepublic)
- Ransomware: The smart person's guide (TechRepublic)
- Why ransomware is exploding, and how your company can protect itself (ZDNet)
- Gallery: 10 major organizations affected by the WannaCry ransomware attack (TechRepublic)
- Security TV: Ignore the email threat at your peril (ZDNet)
- Cybersecurity: Two-thirds of CIOs say threats increasing, cite growth of ransomware (TechRepublic)
Alison DeNisco Rayome has nothing to disclose. She does not hold investments in the technology companies she covers.
Alison DeNisco Rayome is a Senior Editor for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.