Mobile ransomware attacks soar 350%

The global nightmare of ransomware shows no sign of slowing down, with the volume of mobile ransomware increasing by 350 percent in the first quarter of this year. That is the finding of the new report “Kaspersky Lab Malware Report for Q1, 2017.”

The Kaspersky study found that ransomware targeting all devices, systems and networks continues to grow, with 11 new cryptor families and 55,679 new modifications making their appearance in the first quarter. The United States was the country hardest hit by mobile ransomware during that period, with Svpeng ransomware being the most widespread threat.

“Ransomware targeting mobile devices soared, with new ransomware families and modifications continuing to proliferate,” explains Roman Unuchek, senior malware analyst at Kaspersky Lab. “People need to bear in mind that attackers can – and increasingly will – try to block access to their data not only on a PC but also on their mobile device.”

As evidence, the number of mobile ransomware files detected by Kaspersky Lab reached 218,625 during the first quarter of 2017, compared to 61,832 in the previous quarter. The Congur family of ransomware was one of the most popular ransomware variants used in attacks. Congur ransomware is primarily a blocker, which sets or resets the device PIN (passcode), giving the attackers administrator rights on the device, Unuchek explained.

Some variants of the malware take further advantage of these rights in order to install their module into the system folder from where it is almost impossible to remove, Unuchek says.

Despite the popularity of Congur, Trojan-Ransom.AndroidOS.Fusob.h remained the most widely used mobile ransomware, accounting for nearly 45 percent of all users attacked by this threat during the quarter. Once run, the Trojan requests administrator privileges, collects information about the device, including GPS coordinates and call history, and uploads the data to a malicious server. Based on what it receives, the server may send back a command to block the device, Unuchek explains.

In all, 55,679 new Windows ransomware modifications were detected during the first quarter, representing a near two-fold increase from the fourth quarter of 2016 (which saw 29,450 threats). Most of these new modifications belonged to the Cerber family.

Other online threat statistics from the report include:

  • Kaspersky Lab detected and repelled 479,528,279 malicious attacks from online resources located in 190 countries all over the world.
  • 79,209,775 unique URLs were recognized as malicious by web antivirus components.
  • Attempted infections by malware that aims to steal money via online access to bank accounts were registered on 288,000 user computers.
  • Crypto-ransomware attacks were blocked on 240,799 computers of unique users.
  • The Kaspersky Lab file antivirus detected a total of 174,989,956 unique malicious and potentially unwanted objects.

Kaspersky Lab mobile security products also detected:

  • 1,333,605 malicious installation packages.
  • 32,038 mobile banking Trojans (installation packages).

Unuchek offered the following tips to help reduce the risk of ransomware infection:

  • “Use robust security solutions and make sure they keep all software up to date.”
  • “Regularly run a system scan to check for possible infection.”
  • “Stay wise while online. Do not enter personal information into a website if you are at all unsure or suspicious.”
  • “Back up valuable information.”