Quick Heal Technologies Report Confirms the Rising Threat of Ransomware as New Variants Emerge

The company releases its quarterly threat report based on findings uncovered through global deployment of its IT security product line.

By ChannelPro

Quick Heal Technologies, a provider of data security products designed to simplify security management across endpoints, mobile devices, and networks, has revealed the results of its First Quarter Threat Report for 2016. The complete report offers insight into the rising threat of ransomware as new variants and propagation techniques emerge worldwide. Through the deployment of its IT security products, Quick Heal is able to detect new threats that have the potential to impact businesses across North America, where it offers its Seqrite line of cloud-enabled solutions for small to medium-size businesses.

According to the report, the number of malware samples detected by Quick Heal during the first quarter represented a significant increase over the same period in 2015. The Windows platform alone was hit by more than 340 million samples during the quarter, with January being the most active month at nearly 117 million samples. Also, more than 20,000 Android malware samples were detected on a daily basis, representing a 38 percent increase over Q1 2015.   

The report provides insight into the top 10 malware samples detected on Windows and Android devices, as well as detection statistics for malware across all platforms, spanning the categories of ransomware, adware, potentially unwanted applications (PUAs), trojans, infectors, worms, and exploits.

The report also states that ransomware remains a rapidly growing threat in 2016. One of the fastest moving threats in this category is TeslaCrypt, which emerged a year ago and has employed new infection and propagation techniques in 2016. New variants of the TeslaCrypt Trojan, as described on the Quick Heal blog, make their way into the computer systems of unsuspecting users to hijack images, spreadsheets, PowerPoint presentations, and other files.

“Unlike other ransomware, TeslaCrypt begins encrypting these files, converting them into an unreadable form that can only be viewed with the aid of a private key. And the only way to get this key is for the victim to pay a ransom,” says Sanjay Katkar, Quick Heal CTO and co-founder. “The best prevention is to never download attachments or click on links in emails received from unwanted or unexpected sources—even if the sources look familiar. Also, don’t respond to pop-up ads or alerts while visiting unfamiliar websites, and apply all necessary security updates, keeping automatic updates on.” 

Because TeslaCrypt targets data, the most crucial step is to perform regular backups, Katkar advises. This can eliminate the need to pay a ransom if the data is already safely backed up and available.

Mobile ransomware and banking trojans are also on the rise. Quick Heal detected four new ransomware variants that target Android devices, including old and new families. Additionally, 10 families of mobile banking trojans were detected, with completely new variants of existing families, compared to 21 for all of 2015.

Other key findings in the report include:

  • Targeted profit-making attacks: Attackers appear to be changing their strategies from long-run attacks to ones that deliver nearly instant payouts, and they have moved their attention towards the healthcare and banking sectors. 
  • PUAs disguised as software updates: PUAs are also on the rise, entering a targeted victim’s computer system and appearing on the screen as a pop-up ad on Internet Explorer, Firefox, or Google Chrome, prompting the user to click with the intention of updating their Adobe Flash Player, Java, or other software. Once downloaded, the malware proceeds to infect the victim’s computer with adware and browser hijackers as well as other PUAs.
  • Adware advances: Recent adware samples have been found to focus their attacks more on network resources such as DNS settings, where they can hijack proxies and disable the auto-update feature on web browsers and more.
  • Microsoft Office and Java represent top targets: The vulnerabilities found in Office and Java together make up 92 percent of the most popular exploit targets, giving IT executives more reasons to focus on protection for these widely used products.
  • Android platform threats increase: More than 178 new malware families and 275 new malware variants were found to be afflicting the Android platform in the first quarter. At the same time, Android adware samples dropped from a 59 percent increase in the same period last year to a 42 percent increase in Q1 2016. The most common Android malware, Android.Sprovider.C, enters mobile devices primarily through third-party app stores, and MazarBOT can steal SMS messages and wipe data from smartphones entirely.

For a free copy of the Q1 Threat Report, visit the Quick Heal website.