Ransomware continues to make organisations suffer, as evidenced by the persistence of Cerber and the outbreaks of WannaCry and Petya. WannaCry bested Cerber as the most prolific ransomware family, remaining active since its initial outbreak in mid-May. But that doesn’t make Cerber any less of a threat: if we look instead at which ransomware family was seen most often, Cerber remains the most pervasive.
Ransomware as a service (RaaS), where malware kits are sold to anyone regardless of skill, is a growing problem, and Cerber is an example of it. Looking at affected industries, hospitals and universities have been particularly hard hit.
Defence measures
While ransomware exists on many platforms, it has historically been most prevalent on Windows. Here are some resources we previously released for Windows, many of which can help protect Android and Mac OS as well:
- Create regular file backups
- To protect against JavaScript attachments, tell Explorer to open .JS files with Notepad
- To protect against misleading filenames, tell Explorer to show file extensions
- Deploy next generation security from Sophos Intercept X
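The two Explorer settings in the list above can be applied and verified from PowerShell. The script below is an added example, not a Sophos tool or code from the report; the function names are my own, it assumes Windows 10, and the .JS association step assumes an elevated session because `assoc` writes to HKEY_CLASSES_ROOT. Associating `.js` with the built-in `txtfile` type means a double-clicked attachment is displayed in Notepad as text instead of being run by Windows Script Host, and `HideFileExt = 0` makes Explorer show the real extension of names like `invoice.pdf.js`.

```powershell
# Added example (not from the Sophos report): apply and verify the two
# Explorer hardening steps listed above. Run from an elevated PowerShell
# session; the registry paths are the standard Explorer locations.

$advancedKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$userChoiceKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.js\UserChoice'

# --- 1. Show file extensions (per-user setting) -------------------------
function Set-ShowFileExtensions {
    # HideFileExt = 0 tells Explorer to display extensions such as ".pdf.js".
    Set-ItemProperty -Path $advancedKey -Name 'HideFileExt' -Value 0 -Type DWord
}

function Test-ShowFileExtensions {
    $value = (Get-ItemProperty -Path $advancedKey -Name 'HideFileExt' -ErrorAction SilentlyContinue).HideFileExt
    return ($value -eq 0)
}

# --- 2. Open .JS files in Notepad instead of Windows Script Host ---------
function Set-JsOpensInNotepad {
    # 'txtfile' is the built-in file type whose open command is Notepad.
    # assoc updates HKEY_CLASSES_ROOT, hence the elevated session.
    cmd /c 'assoc .js=txtfile' | Out-Null
}

function Test-JsOpensInNotepad {
    # System-wide association as reported by assoc.
    $assoc = cmd /c 'assoc .js' 2>$null
    $systemOk = [bool]($assoc -match '=txtfile$')

    # A per-user "Always use this app" choice overrides the system-wide
    # association, so report it if one exists and points elsewhere.
    $userChoice = (Get-ItemProperty -Path $userChoiceKey -Name 'ProgId' -ErrorAction SilentlyContinue).ProgId
    if ($userChoice -and $userChoice -ne 'txtfile') {
        Write-Warning "Per-user choice '$userChoice' for .js overrides the system association; fix it via Open with > Choose another app."
        return $false
    }
    return $systemOk
}

# --- Apply, restart Explorer so it re-reads HideFileExt, then report -----
Set-ShowFileExtensions
Set-JsOpensInNotepad

Stop-Process -Name explorer -Force -ErrorAction SilentlyContinue
Start-Sleep -Seconds 2
Start-Process explorer.exe

[pscustomobject]@{
    ExtensionsShown  = Test-ShowFileExtensions
    JsOpensInNotepad = Test-JsOpensInNotepad
}
```

The two `Test-` functions are the part worth keeping in a build or compliance script: they return `$true` only when the setting is actually in effect, including the case where a user's own "Always use this app" choice silently undoes the system-wide `.js` association.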
An explosion of Android malware on Google Play and elsewhere
Ransomware also remains a big problem for Android users. We review types of Android malware, including GhostClicker, an example of poorly behaved adware, and WireX, malware used in Distributed Denial of Service (DDoS) attacks.
CSG’s next generation IT security, powered by SophosLabs, will have processed an estimated 10 million Android samples submitted by Sophos customers for analysis by the end of 2017. This is up from the 8.5 million processed through all of 2016.
Looking at the top Android malware families since the beginning of 2017, Rootnik was the most active family, accounting for 42% of all malware seen by SophosLabs. PornClk was the second most active at 14%, while Axent, SLocker and Dloadr followed at 9%, 8% and 6%, respectively.
Many apps on Google Play were found to be laced with Rootnik, and that family was also seen exploiting the DirtyCow Linux vulnerability in late September.
Threats on Google Play doubled
Between January and September 2017, our proactive teams found 32 different threats on Google Play. This is double the amount from the same period a year before.
The Judy malware, for example, infected upwards of 36.5 million users by September. Over 800 Android apps were infected with Xavir malware, while the WireX botnet might have infected 140,000 devices in 100 countries by its peak on Aug. 17 – perhaps the biggest DDoS botnet to date by Android standards.
One of the more sobering finds in Google Play was Lipizzan, spyware that infected up to 100 devices and was designed to monitor phone activity while extracting data from popular apps.
SophosLabs reported its discoveries to Google each time and the company was diligent in removing the offenders from Google Play. Unfortunately, the bad guys remain prolific and hard to keep up with.