Mobile ransomware attacks focus on wealthy countries. An annual report from Woburn, Mass.-based Kaspersky Lab showed the United States leading the ransomware list, followed by Canada, Germany and the United Kingdom.
The report, covering April 2016 to March 2017, revealed that mobile ransomware activity skyrocketed in the first quarter of 2017 with 218,625 mobile Trojan-ransomware installation packages, which is 3.5 times more than in the previous quarter.
Despite a small reprieve, the mobile threat landscape is still arousing anxiety, as criminals target nations with developed but easily compromised financial and payment infrastructures. Developed markets not only have a higher level of income, but also more advanced and widely used mobile and e-payment systems.
In early 2017, Kaspersky Lab’s researchers discovered an emerging and dangerous trend: more and more cybercriminals are turning their attention from attacks against private users to targeted ransomware attacks against businesses.
The attacks primarily focused on financial organizations worldwide. Kaspersky Lab’s experts have encountered cases where payment demands amounted to over half a million dollars.
The report warned, “The trend is alarming as ransomware actors start their crusade for new and more profitable victims. There are many more potential ransomware targets in the wild, with attacks resulting in even more disastrous consequences.”
The rise in attacks on the United States, according to the Kaspersky report, occurred largely due to the Svpeng and Fusob malware families. While Svpeng mainly targets America, Fusob initially focused on Germany, but since Q1 2017 it has targeted the U.S. more, with 28% of its attacks.
In the period of 2015-2016, Germany was the country with the highest percentage of mobile users attacked with mobile ransomware (almost 23%), as a proportion of users attacked with any kind of mobile malware. It was followed by Canada (almost 20%), the U.K. and the U.S., exceeding 15%.
This changed in 2016-2017 with the U.S. shifting from fourth to first position (almost 19%). Canada and Germany retained their top-three ranking with almost 19% and over 15% respectively, leaving the U.K. in fourth place with more than 13%.
“These geographical changes in the mobile ransomware landscape could be a sign of the trend to spread attacks to rich, unprepared, vulnerable or yet unreached regions. This obviously means that users, especially in these countries, should be extremely cautious when surfing the web,” said Roman Unuchek, security expert at Kaspersky Lab.
Among the other key findings from the mobile ransomware report: The total number of worldwide users who encountered ransomware between April 2016 and March 2017 rose by 11.4% compared to the previous 12 months – from 2,315,931 to 2,581,026.
In May 2016 Kaspersky Lab discovered Petya ransomware that not only encrypts data stored on a computer, but also overwrites the hard disk drive’s master boot record, leaving infected computers unable to boot into the operating system.
The malware is a notable example of the ransomware-as-a-service model, in which ransomware creators offer their malicious product on demand, spreading it through multiple distributors and getting a cut of the profits. To get their part of the profit, the Petya authors inserted certain protection mechanisms into their malware that do not allow the unauthorized use of Petya samples.
While ransomware-as-a-service is not a new trend, this propagation model continues to develop, with more and more ransomware creators offering their malicious product. This approach has proved immensely appealing to criminals who lack the skills, resources or inclination to develop their own malware.
Notable examples of ransomware that appeared in 2016 and used this model were Petya/Mischa and Shark ransomware, later rebranded under the name Atom.
More recently, a Petya ransomware attack, which first targeted Ukrainian businesses, led to some 2,000 outbreaks in at least 64 countries. Petya’s successful marks included Ukraine’s central bank, main international airport and even the Chernobyl nuclear facility, as well as major organizations worldwide including the Danish shipping firm Maersk, the pharmaceutical company Merck, a Pittsburgh-area hospital, and a U.S. law firm.