Ransomware attacks will grow significantly in 2018, says Sophos

Ransomware will become a 'vexing problem' for firms in 2018, says report

A report recently published by IT security firm Sophos predicts that ransomware become a fully fledged epidemic in 2018.

The report, which took data from clients working with the company between April and October 2017, investigates the security threats that businesses are exposed to today.

While 2017 has already seen some major outbreaks, Sophos believes that ransomware will continue to grow in 2018, affecting more companies and platforms. Cyber crooks, it said, are becoming more sophisticated.

Throughout 2017, there have been a string of global IT security crises, from WannaCry to NotPetya. According to Sophos, attackers have been able to perfect their ransomware delivery techniques to cause such outbreaks.

While most ransomware hits Windows users, the report found that other platforms aren't immune. Attackers have also been targeting mobile devices, particularly Android apps.

Ransomware, the firm says, is a "vexing problem" for businesses. Generated in may 2017, WannaCry was the biggest ransomware to affect customers - beating previous leader Cerber. The latter appeared in early 2016.

WannaCry made up 45.3 per cent of ransomware tracked by Sophas, with Cerber accounting for 44.2 per cent. Dorka Palotay, a researcher at the firm, said cyber criminals will likely launch more complex ransomware attacks in the future.

"For the first time, we saw ransomware with worm-like characteristics, which contributed to the rapid expansion of WannaCry," he said.

"This ransomware took advantage of an old Windows vulnerability to infect and spread to computers, making it hard to control," he added.

"Even though WannaCry has tapered off and Sophos has defenses for it, we still see the threat because of its inherent nature to keep scanning and attacking computers.

"We're expecting cybercriminals to build upon WannaCry and NotPetya and their ability to replicate, and this is already evident with Bad Rabbit ransomware, which shows many similarities to NotPetya."

The report also explored the rise and fall of NotPetya, which made headlines in June 2017. Sophos said this attack was far less damaging than WannaCry, and it suspects cyber criminals were merely "experimenting".

"NotPetya spiked fast and furiously before taking a nose dive, but did ultimately hurt businesses. This is because NotPetya permanently destroyed data on the computers it hit. Luckily, NotPetya stopped almost as fast as it started," said Palotay. "

"We suspect the cybercriminals were experimenting or their goal was not ransomware, but something more destructive like a data wiper.

"Regardless of intention, Sophos strongly advises against paying for ransomware and recommends best practices instead, including backing up data and installing Sophos Intercept X, which can detect zero-day ransomware within seconds."

Android ransomware is also on the rise, according to the research. The report has revealed that the number of attacks on users using Google's mobile platform grew month-on-month during 2017.

The firm said that by the end of the year, its systems will have identified an estimated 10 million suspicious Android apps. In comparison, 8.5 million were processed in 2016.

Rowland Yu, a SophosLabs security researcher focusing on mobile malware, said: "In September alone, 30.37 per cent of malicious Android malware processed by SophosLabs was ransomware.

"One reason we believe ransomware on Android is taking off is because it's an easy way for cybercriminals to make money instead of stealing contacts and SMS, popping ups ads or even bank phishing which requires sophisticated hacking techniques.

It's important to note that Android ransomware is mainly discovered in non-Google Play markets - another reason for users to be very cautious about where and what kinds of apps they download."