One kind of Android smartphone ransomware is behind a massive rise in malicious software

McAfee Labs report says 244 new threats are detected every minute - and that Android is the target in a boom in ransomware attacks.
Written by Danny Palmer, Senior Writer

Some of the most well-known forms of malware have continued to grow throughout 2017.

Image: iStock

The number of different families of ransomware is ever-growing and has risen to almost 10 million known samples of the file-encrypting malware - while the most stealthy forms of malicious software have also boomed.

That figure is up from six million ransomware samples just one year ago, representing a 59 percent increase, say figures in the latest McAfee Labs Quarterly Threats Report.

One of the most significant reasons the ransomware attacks have risen so much is because cybercriminals are increasingly targeting Android smartphones.

The report cites the Congur ransomware as the most significant reason for this, with figures suggesting that this single Android-targeting family accounts for almost nine in ten mobile attacks.

This rise in mobile ransomware attacks coincides with a general increase in malware targeting smartphones and tablets. Indeed, mobile malware has grown 79 percent in the last year, with 16.7 million samples now detected by cybersecurity researchers at McAfee Labs.

They note that the largest contributor to this was Android/SMSreg, a false battery improvement app which collects data from the infected device without the knowledge or consent of the user.

Ransomware remains highly effective as enough organisations will give in and pay a ransom in order to regain access to their files. And the recent WannaCry epidemic - which came too late to be included in this report - widely publicised ransomware, so other cybercriminals are likely to want a piece of the pie: as a result ransomware is going to get worse before it gets better.

For other forms of malware - ones which rely on not being as in-your-face as ransomware - increasingly sophisticated evasion techniques are aiding the cybercriminal cause. Indeed, evasion tools are increasingly sold on the dark web - sometimes at low prices, says the report.

One form of malware which has benefited heavily from the use of sophisticated evasion techniques is the Dridex banking trojan, which relies on being extremely stealthy in order to carry out its nefarious deeds.

"There are hundreds, if not thousands, of anti-security, anti-sandbox, and anti-analyst evasion techniques employed by hackers and malware authors, and many of them can be purchased off the shelf from the Dark Web," said Vincent Weafer, Vice President of McAfee Labs.

"This quarter's report reminds us that evasion has evolved from trying to hide simple threats executing on a single box, to the hiding of complex threats targeting enterprise environments over an extended period of time, to entirely new paradigms, such as evasion techniques designed for machine learning based protection."

McAfee says it catalogs 244 new cyber threats every minute, the equivalent of more than four every second.


Editorial standards