Bitdefender shields from prolific threats against all OSs


PC and mobile threats have increased in both numbers and complexity over the past couple of years.

However, some malware strains have proliferated more than others, mostly because cybercriminals have been using them to generate huge revenue streams from infected victims.

File-encrypting malware – known as ransomware – is a type of malware that has generated hundreds of millions of dollars from extortion, with the FBI even estimating that it could lead to more than 1 billion dollars in financial losses by the end of 2016.

Ransomware has not only become a growing threat for PCs, but also for Android-running devices.

During the first half of 2016, the largest number of ransomware reports came from the United States, with 19.09 percent of the total number of ransomware reports globally.

The United Kingdom came in second, with 11.89 percent, only 2.26 percentage points above Germany (9.63 percent), which ranked third among the countries most affected by ransomware.

However, in terms of the most prolific ransomware families, it is worth noting that the largest number of ransomware incidents seems to involve delivery via JavaScript files.

Whether embedded in email attachments or distributed via malicious websites, JavaScript seems to be the most popular method cybercriminals use to infect victims.

Some 44.98 percent of all ransomware reports involve JavaScript files being used to smuggle ransomware onto victims’ PCs.

One reason we’ve seen JavaScript files rank so high in our report could be that cybercriminals are looking to avoid having their droppers flagged by security solutions and to obfuscate the domain names from which the ransomware downloader is retrieved.

Ranking second with 9.29 percent of all ransomware reports, the Teslacrypt ransomware family seems to have been a popular “weapon of choice” in terms of cybercriminal activities.

CTBLocker and Cryptowall are also in the top 5 most prevalent ransomware families, scoring 8.67 percent and 7.05 percent, respectively, of the total number of malware reports globally.

Cryptowall and Bedep scored 4.34 percent and 2.72 percent, while Petya – which Bitdefender Labs analyzed a while back – got 1.80 percent of the total number of ransomware reports.

When it comes to picking out some of the most popular ransomware families that have targeted specific countries, Teslacrypt, CTBLocker and Bedep are amongst the top three ransomware families that seem to be really popular with cybercriminals.

Android Ransomware

With Android dominating the mobile market with a whopping 87.6 percent share, according to IDC, malware developers have been focusing their attention on developing threats that specifically target this operating system.

Since PC ransomware has proven to be an excellent revenue source, it was only a matter of time before it was ported to the Android operating system.

While we’ve seen Android ransomware show up in previous mobile threat landscape reports, during this first half of 2016 this particular threat has gained significant traction in terms of both numbers and complexity.

The countries in which the Android.SLocker ransomware family has been most reported include Germany, Australia, the UK, and the United States.

With more than 7 issued patents for using machine learning algorithms in detecting malware and other online threats, the use of deep learning and anomaly-based detection techniques plays a vital role in proactively fighting new and unknown threats.

Ransomware has not only become a scourge for Windows-based operating systems, but it has also targeted the Android mobile operating system for years.

With financial losses estimated in the hundreds of millions, and some estimating that they could reach close to one billion dollars by the end of 2016, traditional security mechanisms and technologies have fallen short of completely protecting against it.

At Bitdefender we’ve been working on machine learning algorithms since 2009, constantly developing and training them to identify new and unknown threats.

Artificial Intelligence and machine learning are essential to combat a threat landscape that is larger and more sophisticated than ever.

Unlike other vendors, Bitdefender has years of experience in perfecting these technologies and the results clearly show this: better detection rates with fewer false positives.

Machine learning algorithms have the ability to significantly improve detection time for ransomware threats, as they’re able to analyze large amounts of data significantly faster than any human would.

If properly trained to accurately detect various types of ransomware behavior, machine learning algorithms can have a high detection rate even on new or unknown samples.

The merging of human ingenuity with machine learning speed and relentless data analysis significantly reduces reaction time against new ransomware samples, offering protection even from previously unknown ransomware samples.

However, it’s not always just a single machine learning algorithm doing the detection.

Detecting ransomware requires the use of several algorithms, each specialized in detecting specific ransomware families with individual behaviors.

This significantly increases the chances of detecting similar-looking ransomware while reducing the number of false positives.

Trained on large datasets of ransomware samples, machine learning algorithms are able to quickly reveal indicators of compromise and help the security solution prevent new or unknown ransomware samples from encrypting files.

Using advanced behavior-based technologies, Bitdefender detected 99% of unknown threats in independent trials run by the reputed independent testing organization AV-Comparatives.

Bitdefender Advanced Threat Control (ATC) permanently monitors running processes for signs of malicious behavior.

A pioneering technology launched in 2008 as AVC (Active Virus Control), ATC has constantly been enhanced, keeping Bitdefender one step ahead of emerging threats.

Bitdefender also has two additional anti-ransomware defense layers – a blacklist of 2.8 million samples and rising, and a vaccine that can immunize devices against the encryption process.

This spring, Bitdefender was able to analyze the Petya ransomware and offer potential victims a tool that intercepts the encryption process and offers the decryption key, free of charge.

Most importantly, the tool needs to be installed prior to infection – not afterwards – in order to perform its function correctly.

Previously, Bitdefender anti-malware researchers released a new vaccine tool which can protect against known and possible future versions of the aforementioned CTB-Locker, Locky and TeslaCrypt crypto ransomware families by exploiting flaws in their spreading methods.

These are still some of the most prevalent types of ransomware to date, according to Bitdefender’s internal intelligence.

Last November saw the emergence of an interesting piece of ransomware targeting vulnerable Linux web servers.

Fortunately, a programming flaw allowed Bitdefender researchers to get hold of the decryption key and provide victims with a free recovery utility.

Two months later, the world’s first piece of fully functional Mac OS X ransomware relied on a rewrite of the famous Linux.Encoder.
