The threatening mobile ransomware programs focus their attacks on rich countries. Developed markets not only have a higher income level but also more advanced and more widely used mobile devices infrastructures and electronic payment infrastructures.
According to her annual report Kaspersky Lab for the 2016-2017 period, this is appealing to criminals as it means that only a few clicks are required to carry their ransom.
Kaspersky Lab continued tradition , compiling its second annual report on ransomware threats. The report covers one period two years, which for the sake of comparison has been divided into two parts of 12 months each: from April 2015 to March 2016 and from April 2016 to March 2017. We chose these specific time periods because several important changes were observed in the threat landscape of ransomware.
The activity of mobile ransomware programs was launched in the first quarter of 2017 with 218.625 mobile Trojan-Ransomware installation packages - size increased by 3,5 times compared to the previous quarter. Subsequently, activity declined to the average level of the observed two-year period. Despite little relief, the mobile threat landscape continues to be of concern as criminals target countries with developed financial infrastructure and payment infrastructures that can easily be tampered with.
In the 2015-2016 period, Germany was the country with the highest proportion of mobile devices attacked by mobile ransomware (almost 23%), compared to the percentage of users attacked with any kind of mobile malware. Canada (almost 20%), the United Kingdom and the US followed with rates exceeding 15%.
This changed 2016-2017, with the US moving from fourth to first (almost 19%). Canada and Germany maintained their positions in the top three with almost 19% and over 15% respectively, leaving the United Kingdom in fourth place with more than 13%.
The rise in the United States rate is largely due to the attacks by the Svpeng and Fusob malware families, the first of which focuses mainly on America. As for Fusob, this family of malware originally focused in Germany, but 1's quarter of 2017 has surpassed America's list of targets with 28% of attacks.
"These geographic changes in the landscape mobile ransomware programs could be a sign of the trend of spreading attacks on rich, unprepared, vulnerable or even inaccessible areas. This obviously means that users, especially in these countries, should be extremely careful when browsing the Internet, says Roman Unuchek, security expert at Kaspersky Lab.
The main findings of the report KSN-2017 included:
- The total number of users who faced ransomware between April 2016 and March 2017 increased by Present in several = 11,4% compared to previous 12 months (April 2015 to March 2016) by 2.315.931 into a 2.581.026 users worldwide.
- The percentage of users who encountered a ransomware program at least once out of the total of malware users dropped almost 0,8 percentage points from Present in several = 4,34% 2015-2016 to Present in several = 3,88% 2016-2017.
- Among those who faced a ransomware program, the percentage of those who faced cryptors increased by 13,6 percentage pointsBy Present in several = 31% 2015-2016 to Present in several = 44,6% 2016-2017.
- The number of users who were attacked with almost cryptors doubledBy 718.536 2015-2016 to 1.152.299 2016-2017.
- The number of users who were attacked by mobile ransomware decreased by 4,62% from 136.532 users of 2015-2016 to 130.232.
- 10 first countries with the highest percentage of users attacked PC ransomware (2016%), Vietnam (about 2017%), India (almost 8%), Italy (about 7,5%), 6%), Bangladesh (almost 6,6%), Japan (almost 6%), Iran (almost 6%), Spain (almost 6%), Algeria and China (almost 6%). This is a very different list compared to 3,8-2015, since Turkey, Bangladesh, Japan, Iran and Spain have been listed at rates that exceed 2016%.
To reduce the risk ofcontaminations", Kaspersky Lab recommends that users:
- Back up your data regularly.
- Use a reliable security solution and remember to keep key features - such as System Watcher - enabled.
- Always keep the software up to date on all the devices you use.
- Be careful to attach attachments to emails or messages from people you do not know. In case of doubt, you should not open them.
- In case you are business, you also need to train the employees and teams working in the field of IT. Keep sensitive data separate. Restrict access to them and back up everything, always.
- If you are unlucky and you are a victim encryptor, do not panic. Use a clean system to visit the website No More Ransom. Εκεί μπορείτε να βρείτε ένα tool fromencryptions that can help you get your files back.
- The latest versions of Kaspersky Lab products for smaller companies have been boosted with anti-cryptomalware functions. In addition, a free anti-ransomware tool has been developed, which can be downloaded and used by all businesses regardless of the security solution they have installed.
- Last but not least, remember that ransomware is a criminal offense. Please refer to the local law enforcement authorities.
For help and advice on dealing with ransomware, visit it No More Ransom. See the section No Ransom to find the latest decryptors, ransomware removal tools, and information about protection against ransomware programs.
You can read Kaspersky Lab's full report on malware on the dedicated site Securelist.com.
