Cyber criminals are turning to ransomware and Mac malware, warns Malwarebytes

Malwarebytes: 'Sophisticated' Cerber dominates ransomware with 90 per cent 'market share'

Ransomware is booming, driven by the ransomware-as-a-service model behind the 'sophisticated' Cerber family, while users of Apple Macs are also increasingly being targeted by a surge in malware and backdoors. That's according to Malwarebytes' analysis of cyber crime and malware in the first quarter of 2017.

The company highlighted, in particular, the FindZip Mac ransomware, whose own developers hold no decryption key: all they want is the ransom, leaving victims with unrecoverable files even after it has been paid.

And while the Locky ransomware "dropped off the map", according to Malwarebytes, ransomware continued to surge, with the Cerber ransomware-as-a-service taking over as "the top dog" as far as distribution is concerned.

"Its spread is largely because the creators have not only developed a superior ransomware with military-grade encryption, offline encrypting, and a slew of new features, but by also making it very easy for non-technical criminals to get their hands on a customised version of the ransomware," warns the report.

Cerber has also adapted and evolved, which is why it now accounts for nine in ten of all ransomware infections, according to Malwarebytes. The sophistication of those techniques indicates the technical know-how of the people behind Cerber.

"Security vendor Trend Micro recently released its analysis of a new Cerber variant that not only attempts to evade anti-virus solutions that employ machine learning, but also detects if the malware is executing within a sandbox or virtual machine.

"Basically, this version of Cerber is distributed via phishing emails. These emails include a link to a Dropbox folder to download a self-extracting archive file that has three files inside, each one individually not very dangerous, but designed to work together to execute Cerber functionality," warns Malwarebytes.

On mobile, two malware families in particular have been causing trouble on Android. HiddenAds.lck prevents users from removing the app and raises money for its creators by pumping out adverts. Jisut, meanwhile, is nastier and more expensive: the mobile ransomware family "has been spreading like wildfire", according to Malwarebytes.

Malicious spam campaigns have also started using password-protected zip archives and password-protected Office documents to evade the automated analysis sandboxes used by security researchers: a sandbox that cannot open the attachment cannot observe what it does. There has also been a surge this week in malware seeking to exploit the newly publicised OLE [Object Linking and Embedding] security flaw in Microsoft Office, although the flaw was first seen being exploited in the wild in January.

That includes, this week, an exploit campaign spreading the Dridex malware, which has been widely used in online banking fraud.
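The evasion described above works because a sandbox that cannot open an attachment usually reports nothing rather than something, and "nothing" is easily read as "clean". One defensive response is to make "cannot open" a verdict of its own. The following Python is an added example, not code from Malwarebytes or the article: it inspects the two container formats the report names, using the ZIP general-purpose flag bit 0 (set on every encrypted entry) and the EncryptionInfo/EncryptedPackage stream names that an encrypted OOXML document carries when wrapped in an OLE compound file. The sample attachments are constructed in memory; flipping the flag bit on an unencrypted archive reproduces only the header a password-protected one would have. The substring search for stream names is a heuristic rather than a full compound-file parse, and legacy .doc/.xls encryption, which is signalled inside the file's own header, is not checked.

```python
"""Attachment triage for a mail gateway: flag attachments that an automated
sandbox cannot open without a password, so "could not analyse" becomes a
quarantine decision rather than a silent pass.

Added example, not code from Malwarebytes or the article. The sample
attachments are constructed in memory below; none is real malware.
"""
import io
import zipfile

# Magic numbers of the two container formats the report names.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # OLE2 / compound file
ZIP_MAGIC = b"PK\x03\x04"                          # ZIP local file header

# An OOXML document saved with a password-to-open is an OLE compound file whose
# directory contains these two streams. Directory entry names are UTF-16LE, so a
# substring search over the raw bytes is a usable heuristic (it is not a full
# compound-file parse).
OOXML_ENCRYPTED_STREAMS = [s.encode("utf-16-le")
                           for s in ("EncryptionInfo", "EncryptedPackage")]


def zip_has_encrypted_entries(data: bytes) -> bool:
    """True if any entry sets general-purpose flag bit 0, which marks the
    entry as encrypted (both traditional PKWARE and WinZip AES encryption)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(zi.flag_bits & 0x1 for zi in zf.infolist())


def zip_is_ooxml_package(data: bytes) -> bool:
    """A plain .docx/.xlsx/.pptx is itself a ZIP carrying [Content_Types].xml."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return "[Content_Types].xml" in zf.namelist()


def classify_attachment(data: bytes) -> str:
    """Return a coarse type label used by the quarantine policy."""
    if data.startswith(OLE_MAGIC):
        if any(stream in data for stream in OOXML_ENCRYPTED_STREAMS):
            return "office-encrypted"
        # Legacy .doc/.xls signal encryption in their own headers (e.g. the
        # Word FIB flags); this heuristic does not check that.
        return "office-legacy"
    if data.startswith(ZIP_MAGIC):
        try:
            if zip_has_encrypted_entries(data):
                return "zip-encrypted"
            if zip_is_ooxml_package(data):
                return "office-ooxml"
            return "zip"
        except zipfile.BadZipFile:
            return "zip-corrupt"   # truncated or deliberately malformed
    return "other"


def sandbox_can_open(kind: str) -> bool:
    """Policy: anything the sandbox cannot open is not 'clean', it is unknown."""
    return kind not in ("zip-encrypted", "office-encrypted", "zip-corrupt")


# --- constructed samples (labels and contents are made up) -------------------

def make_zip(name: str, payload: bytes) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def mark_encrypted(zip_bytes: bytes) -> bytes:
    """Set flag bit 0 in the local header (offset 6) and the central directory
    entry (offset 8) of a single-entry archive. Only the header changes; the
    payload is not actually encrypted, but the header is all the classifier
    inspects, exactly as with a real password-protected archive."""
    b = bytearray(zip_bytes)
    local = b.find(b"PK\x03\x04")
    central = b.find(b"PK\x01\x02")
    b[local + 6] |= 0x01
    b[central + 8] |= 0x01
    return bytes(b)


def make_encrypted_ooxml_stub() -> bytes:
    """Stand-in for an encrypted .docx: OLE header plus one directory entry
    name. Real files have full sector and FAT structures around it."""
    return OLE_MAGIC + b"\x00" * 504 + "EncryptionInfo".encode("utf-16-le")


if __name__ == "__main__":
    samples = {
        "invoice.zip (protected)": mark_encrypted(make_zip("invoice.js", b"x")),
        "invoice.zip (plain)": make_zip("invoice.js", b"x"),
        "report.docx (plain)": make_zip("[Content_Types].xml", b"<Types/>"),
        "report.docx (protected)": make_encrypted_ooxml_stub(),
        "brochure.pdf": b"%PDF-1.4\n",
    }
    for label, blob in samples.items():
        kind = classify_attachment(blob)
        verdict = "analyse" if sandbox_can_open(kind) else "QUARANTINE (cannot analyse)"
        print(f"{label:26} {kind:18} {verdict}")
```

Run stand-alone, the script prints one line per constructed sample with its label and verdict. In a real gateway the "cannot analyse" outcome would route the message to quarantine or to a human analyst; the point of the example is that the decision is made from the container header before any detonation is attempted, so an attachment the sandbox would have skipped is never passed as clean.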

In the current quarter, Malwarebytes anticipates that Cerber will continue to grow in terms of usage "due to new developments made to the malware design and its continued use of the ransomware as a service model".

It concludes: "With the chaotic and dynamic nature of the cybercrime world, especially as observed over the last six months, we can expect a very interesting year and predict some serious changes with ransomware distribution and market share by the end of the summer."

Indeed, ransomware doesn't just dominate the malware landscape; it continues to grow, accounting for just over 60 per cent of all malware distributed in March 2017, up ten percentage points on January, according to Malwarebytes' research.
