According to “SophosLabs 2018 Malware Forecast” by global network and endpoint security leader Sophos, two types of Android attack methods are emerging — locking the phone without encrypting data and locking the phone while encrypting the data.
“Ransomware has become platform-agnostic. Ransomware mostly targets Windows computers, but this year, SophosLabs saw an increased amount of crypto attacks on different devices and operating systems used by our customers worldwide,” said Dorka Palotay, SophosLabs Security Researcher, in a statement on Saturday.
WannaCrypt, unleashed in May 2017, was the top ransomware intercepted from customer computers, dethroning the long-time ransomware leader Cerber, which first appeared in early 2016.
WannaCrypt accounted for 45.3 per cent of all ransomware tracked through SophosLabs with Cerber accounting for 44.2 per cent.
“For the first time we saw ransomware with worm-like characteristics, which contributed to the rapid expansion of WannaCrypt. This ransomware took advantage of a known Windows vulnerability to infect and spread to computers, making it hard to control,” added Palotay.
Android ransomware is also attracting cyber criminals.
According to SophosLabs analysis, the number of attacks on Sophos customers using Android devices increased almost every month in 2017.
One reason they believe ransomware on Android is taking off is because it`s an easy way for cyber criminals to make money instead of stealing contacts and SMS, popping ups ads or bank phishing which requires sophisticated hacking techniques.
“It`s important to note that Android ransomware is mainly discovered in non-Google Play markets – another reason for users to be very cautious about where and what kinds of apps they download,” the researchers noted.
Sophos recommends backing up phones on a regular schedule, similar to a computer, to preserve data and avoid paying ransom just to regain access.