Mobile Ransomware: An Evolving Threat for Developed Markets

Woburn, MA – June 26, 2017 – Mobile ransomware actors are focusing their attacks on wealthy countries, according to the annual ransomware report from Kaspersky Lab. The report, which covers April 2016 to March 2017, shows the United States was the country with the highest percentage of mobile users attacked with mobile ransomware, followed by Canada, Germany and the U.K.

Mobile ransomware activity skyrocketed in the first quarter of 2017 with 218,625 mobile Trojan-Ransomware installation packages, which is 3.5 times more than in the previous quarter. Despite a small reprieve, the mobile threat landscape is still arousing anxiety, as criminals target nations with developed financial and payment infrastructures. Developed markets not only have a higher level of income, but also more advanced and widely used mobile and e-payment systems that can be easily compromised.

The rise in attacks on the United States occurred largely due to the Svpeng and Fusob malware families. While Svpeng mainly targets America, Fusob initially focused on Germany, but since Q1 2017 it has targeted the U.S. more, with 28 percent of its attacks.


In the period of 2015-2016, Germany was the country with the highest percentage of mobile users attacked with mobile ransomware (almost 23 percent), as a proportion of users attacked with any kind of mobile malware. It was followed by Canada (almost 20 percent), the U.K. and the U.S., exceeding 15 percent.

This changed in 2016-2017 with the U.S. shifting from fourth to first position (almost 19 percent). Canada and Germany retained their top-three ranking with almost 19 percent and over 15 percent respectively, leaving the U.K. in fourth place with more than 13 percent.

“These geographical changes in the mobile ransomware landscape could be a sign of the trend to spread attacks to rich, unprepared, vulnerable or yet unreached regions. This obviously means that users, especially in these countries, should be extremely cautious when surfing the web,” said Roman Unuchek, security expert at Kaspersky Lab.

Other key findings from the mobile ransomware report include:

  • The total number of users who encountered ransomware between April 2016 and March 2017 rose by 11.4 percent compared to the previous 12 months (April 2015 to March 2016) – from 2,315,931 to 2,581,026 users around the world;
  • The proportion of users who encountered ransomware at least once out of the total number of users who encountered malware fell by almost 0.8 percentage points, from 4.34 percent in 2015-2016 to 3.88 percent in 2016-2017;
  • Among those who encountered ransomware, the proportion that encountered cryptors rose by 13.6 percentage points, from 31 percent in 2015-2016 to 44.6 percent in 2016-2017;
  • The number of users attacked with cryptors almost doubled, from 718,536 in 2015-2016 to 1,152,299 in 2016-2017;
  • The number of users attacked with mobile ransomware fell by 4.62 percent from 136,532 users in 2015-2016 to 130,232.

To reduce the risk of infection, users are advised to:

  • Back up data regularly and always keep software updated on all devices.
  • Use a reliable security solution, like those from Kaspersky Lab, which include System Watcher, a feature that protects against ransomware.
  • Treat email attachments, or messages from people you don’t know, with caution. If in doubt, don’t open it.
  • If you fall victim to an encryptor, use a clean system to check the No More Ransom site for a decryption tool that could help get your files back.
  • Businesses should educate employees and IT teams; keep sensitive data separate; restrict access; and back up everything, always.
  • The latest versions of Kaspersky Lab products for smaller companies are enhanced with anti-cryptomalware functionality. In addition, a free anti-ransomware tool is available for all businesses to download, regardless of the security solution installed.
  • Remember that ransomware is a criminal offence and should be reported to your local law enforcement agency.

Kaspersky Lab has continued its tradition of reporting on ransomware threats with its second annual study into the issue. The report covers the full two-year period, which, for comparison reasons, was divided into two parts of 12 months each: from April 2015 to March 2016 and from April 2016 to March 2017. Read the full version of the Kaspersky Lab’s Malware Report on