The Oxford, UK-based cybersecurity firm Sophos has published its 2018 Malware Forecast. The report, produced by SophosLabs, is based on an analysis of threat information from Sophos customers gathered between April 1 and October 3, 2017.
In the report, key malware and ransomware attack trends are identified, allowing Sophos to make predictions about the main threats that can be expected in the coming year.
One of the main trends highlighted in the report is the continued evolution of ransomware. Over the past six months, ransomware has primarily been developed to attack Windows systems, although Sophos notes that ransomware is now becoming platform-agnostic. This year has seen a noticeable uptick in ransomware attacks on a range of different devices and operating systems. Android users and even Mac users can expect more ransomware attacks over the coming year.
In 2017, Cerber was replaced as the biggest crypto-ransomware threat. Cerber was first detected in 2016 and fast became the biggest ransomware threat; however, WannaCry ransomware – released in May – became the most intercepted ransomware variant, accounting for more than 45% of all ransomware detections. WannaCry was also the first ransomware variant that incorporated worm-like characteristics, which allowed it to rapidly spread to all vulnerable devices on a network by leveraging a known Windows Server Message Block vulnerability.
While the kill switch was activated and the threat was neutralized, SophosLabs still sees WannaCry as a threat due to its ability to keep scanning and attacking computers. Its ability to replicate and spread rapidly is expected to be copied in other ransomware and malware variants in the coming year.
Cerber remains a significant threat, accounting for 44% of ransomware attacks tracked by SophosLabs. This ransomware variant is constantly being redeveloped to avoid detection and analysis. The ransomware is also made available to affiliates under the ransomware-as-a-service model, with cybercriminals able to use the ransomware in their own campaigns by agreeing to pay the developers a percentage of the ransoms they collect. The huge volumes of infections that have been made possible under this model are helping to finance the redevelopment of the ransomware and ensure it remains a major threat.
The Sophos report also details an increase in the use of Android ransomware. Android ransomware attacks increased month-over-month throughout 2017. Android ransomware accounted for more than 30% of all Android malware infections in September, and the percentage is expected to continue to rise.