Wealthy countries with developed financial and payment infrastructures are most likely to have their data encrypted and held for ransom by cybercriminals, according to a recent report by global cybersecurity company Kaspersky Lab.
In 2016-17, cyber attackers have set their sights on mobile users in the U.S., first and foremost, with Canada, Germany and the U.K. following closely in terms of risk. That’s up 19 percent from 2015-16, when Germany was the No. 1 target for mobile malware and the U.S. was No. 4.
Kaspersky says this is due not only to the higher level of income but also to the broader use of mobile and e-payment systems, which can be easily compromised.
Following a slight reprieve, 2017’s Q1 saw 218,625 mobile Trojan-Ransomware installation packages – 3.5 times more than the previous quarter. Total worldwide mobile ransomware encounters increased by 11.4 percent year over year, from 2,315,931 to 2,581,026.
Kaspersky credits the increase in attacks on the U.S. to the Svpeng and Fusob malware families.
In 2016, the Petya ransomware also had a significant impact using the “Ransomware as a Service” model, which spreads the malicious code via multiple distributors who pay the creator for use of the product. Ransomware as a Service opens up the cybercrime playing field to criminals who lack the skills or resources to develop their own malware.
Today’s targeted cyberattacks tend to focus more on financial organizations than on individuals because the payout is bigger. Kaspersky’s report endeavors to measure the scale of the problem and analyze its causes.
The report also recommends best practices for both individuals and organizations to avoid infection. Users should keep software up to date, back up their data regularly, deploy a reliable security solution and treat emails from unfamiliar sources with caution. Attachments from unfamiliar sources are best left unopened. Businesses should educate employees and tech teams to store sensitive data separately, restrict access and – again – always back up files.
Victims should use a clean system to check the No More Ransom site for a decryption tool that could help recover their files and report the ransomware to local authorities, as it is a criminal offense.