Quick Heal® Technologies First Quarter 2016 Threat Report Confirms the Rising Threat of Ransomware as New Variants Emerge

Windows and Android malware detections continue to increase, with Android malware samples up 38 percent over the first quarter in 2015

June 3, 2016



BOSTON, June 1, 2016 - Quick Heal Technologies today announced the results of its First Quarter Threat Report for 2016. The complete report, which can be downloaded from the Quick Heal website, offers insight into the rising threat of ransomware as new variants and propagation techniques emerge worldwide.

Through the global deployment of its IT security products, Quick Heal is able to detect new threats that have the potential to impact businesses across North America, where it offers its Seqrite line of cloud-enabled solutions for small to medium-size enterprises (SMEs).

In the first quarter, the number of malware samples detected by Quick Heal Threat Research Lab represented a significant increase over the same period in 2015. The Windows platform alone was hit by more than 340 million samples during the quarter, with January being the most active month at nearly 117 million samples. Also, more than 20,000 Android malware samples were detected on a daily basis, representing a 38 percent increase over Q1 2015.   

The report provides a deep dive, offering insight into the top 10 malware samples detected on Windows and Android devices, as well as detection statistics for malware across all platforms—spanning the categories of Ransomware, Adware, Potentially Unwanted Applications (PUAs), Trojans, Infectors, Worms, and Exploits.


Growing Threat of Ransomware

Ransomware remains a rapidly growing threat in 2016, according to the report. One of the fastest moving threats in this category is TeslaCrypt, which emerged a year ago and has employed new infection and propagation techniques in 2016. New variants of the TeslaCrypt Trojan, as described on the Quick Heal blog, make their way into the computer systems of unsuspecting users to hijack images, spreadsheets, PowerPoint presentations and other files.

“Unlike other ransomware, TeslaCrypt begins encrypting these files, converting them into an unreadable form that can only be viewed with the aid of a private key. And the only way to get this key is for the victim to pay a ransom,” said Sanjay Katkar, Quick Heal CTO and co-founder. “The best prevention is to never download attachments or click on links in emails received from unwanted or unexpected sources—even if the sources look familiar. Also, don’t respond to pop-up ads or alerts while visiting unfamiliar websites, and apply all necessary security updates, keeping automatic updates on.”

Because TeslaCrypt targets data, the most crucial step is to perform regular backups, Katkar advises. This can eliminate the need to pay a ransom if the data is already safely backed up and available.

“Locky” is another new ransomware variant that is propagated via spam emails carrying malicious Microsoft Office documents and JavaScript files as attachments. When the JavaScript files are executed, they download and install the Locky ransomware on victims’ machines. The ransomware encrypts most of the documents available on the system and then demands a ransom payment from the user.

In the first quarter of 2016, Mobile Ransomware and Banking Trojans have also increasingly come under the spotlight. Quick Heal detected four new ransomware variants that target Android devices, including old and new families. Additionally, 10 families of mobile banking trojans were also detected, including completely new variants of existing families, compared to 21 for all of 2015.

Other key findings in the Q1 report include:

  • Targeted profit-making attacks: Attackers appear to be changing their strategies from long-run attacks to ones that deliver nearly instant payouts. As predicted in previous Quick Heal threat reports, they have moved their attention towards the healthcare and banking sectors. 

  • PUAs disguised as software updates: PUAs are also on the rise, entering a targeted victim’s computer system and appearing on the screen as a pop-up ad on Internet Explorer, Firefox or Google Chrome, prompting the user to click with the intention of updating their Adobe Flash Player, Java or other software. But hackers are the producers of these pop-ups—not the software providers and developers. Once downloaded, the malware proceeds to infect the victim’s computer with adware and browser hijackers as well as other PUAs.

  • Adware advances: The Quick Heal Threat Research Lab has observed that recent Adware samples have been found to focus their attacks more on network resources such as DNS settings, where they can hijack proxies and disable the auto update feature on web browsers and more.

  • Microsoft Office and Java represent top targets: The vulnerabilities found in Office and Java together make up 92% of the most popular exploit targets, giving IT executives more reasons than ever to focus on comprehensive protection for these pervasively used products.

  • Android platform threats increase: More than 178 new malware families and 275 new malware variants were found to be afflicting the Android platform in the first quarter. At the same time, Android Adware samples dropped from a 59 percent increase in the same period last year to a 42 percent increase in Q1 2016. The most common Android malware, Android.Sprovider.C, enters mobile devices primarily through third-party app stores, and MazarBOT, which emerged as a dangerous malware threat in Q1, can steal SMS messages and wipe data from smartphones entirely.


“Quick Heal’s new Threat Report underscores the importance of educating employees about the many ways these attacks can infiltrate a device or a network and bring an organization’s entire operation to a screeching halt,” said Katkar. “Business owners and IT professionals need to remain ever-vigilant and increasingly proactive with their security and employee education policies and the safeguards they use to protect the endpoints, the network and everything in between.”

Resellers interested in becoming a Quick Heal/Seqrite partner, please contact 855-978-6117 or email [email protected] or visit the Quick Heal partner page. For more information on Quick Heal, visit www.quickheal.com. For a complimentary copy of the Q1 Threat Report, visit the Quick Heal website.


About Quick Heal Technologies Ltd.

Quick Heal Technologies Ltd.’s Seqrite data security product line targets small-to-midsize enterprises (SMEs) and is designed to simplify security management across endpoints, mobile devices, and networks. For more information on the Quick Heal Seqrite Partner Program, please contact 855-978-6117, email us at [email protected] or visit the Quick Heal partner page. For more information on Quick Heal, visit www.quickheal.com.
