Vulnerabilities / Threats

Dark Reading
Products and Releases

Quick Heal Technologies First Quarter 2016 Threat Report Confirms the Rising Threat of Ransomware as New Variants Emerge

Windows and Android malware detections continue to increase, with Android malware samples up 38 percent over the first quarter in 2015

BOSTON, June 1, 2016 - Quick Heal Technologies today announced the results of its First Quarter Threat Report for 2016. The complete report, which can be downloaded from the Quick Heal website, offers insight into the rising threat of ransomware as new variants and propagation techniques emerge worldwide.

Through the global deployment of its IT security products, Quick Heal is able to detect new threats that have the potential to impact businesses across North America, where it offers its Seqrite line of cloud-enabled solutions for small to medium-size enterprises (SMEs).

In the first quarter, the number of malware samples detected by Quick Heal Threat Research Lab represented a significant increase over the same period in 2015. The Windows platform alone was hit by more than 340 million samples during the quarter, with January being the most active month at nearly 117 million samples. Also, more than 20,000 Android malware samples were detected on a daily basis, representing a 38 percent increase over Q1 2015.   

The report provides a deep dive, offering insight into the top 10 malware samples detected on Windows and Android devices, as well as detection statistics for malware across all platforms—spanning the categories of Ransomware, Adware, Potentially Unwanted Applications (PUAs), Trojans, Infectors, Worms, and Exploits.


Growing Threat of Ransomware

Ransomware remains a rapidly growing threat in 2016, according to the report. One of the fastest-moving threats in this category is TeslaCrypt, which emerged a year ago and has employed new infection and propagation techniques in 2016. New variants of the TeslaCrypt Trojan, as described on the Quick Heal blog, make their way into the computer systems of unsuspecting users to hijack images, spreadsheets, PowerPoint presentations and other files.

“Unlike other ransomware, TeslaCrypt begins encrypting these files, converting them into an unreadable form that can only be viewed with the aid of a private key. And the only way to get this key is for the victim to pay a ransom,” said Sanjay Katkar, Quick Heal CTO and co-founder. “The best prevention is to never download attachments or click on links in emails received from unwanted or unexpected sources—even if the sources look familiar. Also, don’t respond to pop-up ads or alerts while visiting unfamiliar websites, and apply all necessary security updates, keeping automatic updates on.”

Because TeslaCrypt targets data, the most crucial step is to perform regular backups, Katkar advises. This can eliminate the need to pay a ransom if the data is already safely backed up and available.

“Locky” is another new ransomware variant that is propagated via spam emails carrying malicious Microsoft Office documents and JavaScript files as attachments. When the JavaScript files are executed, they download and install the Locky ransomware on victims’ machines. The ransomware encrypts most of the documents available on the system and then demands a ransom payment from the user.
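An added example, not Quick Heal's code or any tool the report describes, that triages mail for the Locky delivery vector just described: it parses a message, expands zip attachments one level and flags script files that Windows would run on double-click, including double-extension names. The sample message and file names are constructed.

```python
"""Triage e-mail attachments for the Locky delivery vector described above:
script files (.js and similar) attached directly or packed inside a zip.
Added example, not Quick Heal's code; the sample message is constructed."""
import email
import io
import zipfile
from email.message import EmailMessage
from email.policy import default

# Extensions that Windows Script Host or mshta execute on double-click
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}

def _ext(name):
    """Last extension, lower-cased, so 'invoice.pdf.js' -> '.js'."""
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""

def suspicious_attachments(raw_eml):
    """Return (attachment, reason) pairs for attachments that would run a
    script if the recipient double-clicks them; zips are expanded one level."""
    msg = email.message_from_bytes(raw_eml, policy=default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if _ext(name) in SCRIPT_EXTS:
            findings.append((name, "script attachment"))
        elif _ext(name) == ".zip":
            payload = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                    inner = [i.filename for i in zf.infolist() if not i.is_dir()]
            except zipfile.BadZipFile:
                findings.append((name, "unreadable zip archive"))
                continue
            for inner_name in inner:
                if _ext(inner_name) in SCRIPT_EXTS:
                    findings.append((f"{name}:{inner_name}", "script inside archive"))
    return findings

def build_sample_eml():
    """Constructed sample: 'invoice.zip' holding a .js file with a double extension."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_2016.pdf.js", "// constructed placeholder, not a downloader\n")
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Feeding a real mailbox through `suspicious_attachments` at the gateway (or as a quarantine check) surfaces the zipped .js lure before a user can open it; Office attachments still need a separate macro inspection.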

In the first quarter of 2016, mobile ransomware and banking Trojans also increasingly came under the spotlight. Quick Heal detected four new ransomware variants that target Android devices, spanning both old and new families. Additionally, 10 families of mobile banking Trojans were detected, including completely new variants of existing families, compared to 21 for all of 2015.

Other key findings in the Q1 report include:

  • Targeted profit-making attacks: Attackers appear to be changing their strategies from long-run attacks to ones that deliver nearly instant payouts. As predicted in previous Quick Heal threat reports, they have moved their attention towards the healthcare and banking sectors. 
  • PUAs disguised as software updates: PUAs are also on the rise, entering a targeted victim’s computer system and appearing on the screen as a pop-up ad on Internet Explorer, Firefox or Google Chrome, prompting the user to click with the intention of updating their Adobe Flash Player, Java or other software. But hackers are the producers of these pop-ups—not the software providers and developers. Once downloaded, the malware proceeds to infect the victim’s computer with adware and browser hijackers as well as other PUAs.
  • Adware advances: The Quick Heal Threat Research Lab has observed that recent adware samples increasingly target network resources such as DNS settings, where they can hijack proxy settings, disable the auto-update feature of web browsers and make other changes.
  • Microsoft Office and Java represent top targets: The vulnerabilities found in Office and Java together make up 92% of the most popular exploit targets, giving IT executives more reasons than ever to focus on comprehensive protection for these pervasively used products.
  • Android platform threats increase: More than 178 new malware families and 275 new malware variants were found to be afflicting the Android platform in the first quarter. At the same time, growth in Android adware samples slowed, from a 59 percent increase in the same period last year to a 42 percent increase in Q1 2016. The most common Android malware, Android.Sprovider.C, enters mobile devices primarily through third-party app stores, and MazarBOT, which emerged as a dangerous malware threat in Q1, can steal SMS messages and wipe data from smartphones entirely.


“Quick Heal’s new Threat Report underscores the importance of educating employees about the many ways these attacks can infiltrate a device or a network and bring an organization’s entire operation to a screeching halt,” said Katkar. “Business owners and IT professionals need to remain ever-vigilant and increasingly proactive with their security and employee education policies and the safeguards they use to protect the endpoints, the network and everything in between.”

Resellers interested in becoming a Quick Heal/Seqrite partner can call 855-978-6117, email [email protected] or visit the Quick Heal partner page. For more information on Quick Heal, visit www.quickheal.com. For a complimentary copy of the Q1 Threat Report, visit the Quick Heal website.


About Quick Heal Technologies Ltd.

Quick Heal Technologies Ltd.’s Seqrite data security product line targets small-to-midsize enterprises (SMEs) and is designed to simplify security management across endpoints, mobile devices, and networks. For more information on the Quick Heal Seqrite Partner Program, please contact 855-978-6117, email us at [email protected] or visit the Quick Heal partner page. For more information on Quick Heal, visit www.quickheal.com.

