Quick Heal® Technologies First Quarter 2016 Threat Report Confirms Ransomware Is The Rising Threat As New Variants Emerge

• Windows and Android malware detections continue to increase, with Android malware samples up by 38 percent over the first quarter in 2015
• New variations of the TeslaCrypt Trojan create new challenges for businesses and consumers
• Potentially Unwanted Applications (PUAs) and adware disguised as software updates introduce new threats
• Profit-focused attacks targeting healthcare and financial organizations are growing in number
• Office and Java vulnerabilities together account for 92% of the most popular exploit targets

Quick Heal Technologies announced the results of its Quick Heal First Quarter Threat Report for 2016. The complete report, which can be downloaded from the Quick Heal website, offers insight into the rising threat of ransomware as new variants and propagation techniques emerge worldwide.

According to the report, in the first quarter, the number of malware samples detected by Quick Heal Threat Research Lab represented a significant increase over the same period in 2015. The Windows platform alone was hit by more than 340 million samples during the quarter, with January being the most active month at nearly 117 million samples. Also, more than 20,000 Android malware samples were detected on a daily basis, representing a 38 percent increase over Q1 2015.

The report provides a deep dive, offering insight into the top 10 malware samples detected on Windows and Android devices, as well as detection statistics for malware across all platforms—spanning the categories of Ransomware, Adware, Potentially Unwanted Applications (PUAs), Trojans, Infectors, Worms, and Exploits.

Growing Threat of Ransomware
Ransomware remains a rapidly growing threat in 2016, according to the report. One of the fastest-moving threats in this category is TeslaCrypt, which emerged a year ago and has employed new infection and propagation techniques in 2016. New variants of the TeslaCrypt Trojan make their way into the computer systems of unsuspecting users to hijack images, spreadsheets, PowerPoint presentations and other files.

“Unlike other ransomware, TeslaCrypt begins encrypting these files, converting them into an unreadable form that can only be viewed with the aid of a private key. And the only way to get this key is for the victim to pay a ransom,” said Sanjay Katkar, Quick Heal CTO and co-founder. “The best prevention is to never download attachments or click on links in emails received from unwanted or unexpected sources—even if the sources look familiar. Also, don’t respond to pop-up ads or alerts while visiting unfamiliar websites, and apply all necessary security updates, keeping automatic updates on.”

Because TeslaCrypt targets data, the most crucial step is to perform regular backups, Katkar advises. This can eliminate the need to pay a ransom if the data is already safely backed up and available.

“Locky” is another new ransomware variant that is propagated via spam emails carrying malicious Microsoft Office documents and JavaScript files as attachments. When the JavaScript files are executed, they download and install the Locky ransomware on victims’ machines. The ransomware encrypts most of the documents available on the system and then demands a ransom payment from the user.

In the first quarter of 2016, mobile ransomware and banking Trojans have also increasingly come under the spotlight. Quick Heal detected four new ransomware variants that target Android devices, spanning both old and new families. Additionally, 10 families of mobile banking Trojans were detected, including completely new variants of existing families, compared to 21 for all of 2015.

“Quick Heal’s new Threat Report underscores the importance of educating employees about the many ways these attacks can infiltrate a device or a network and bring an organization’s entire operation to a screeching halt,” said Katkar. “Business owners and IT professionals need to remain ever-vigilant and increasingly proactive with their security and employee education policies and the safeguards they use to protect the endpoints, the network and everything in between.”