Locky ransomware made an unexpected jump into second place on Check Point's Most Wanted Malware of the month list, but was unable to unseat Roughted malverstising software for the top spot.
The Check Point team said Locky road on the coat tails of the massive increase in ransomware attacks that took place during September when 11.5 percent of all organizations worldwide reported being victimized by ransomware. The second place finish represented a 25 place jump for Locky giving the malware its first appearance on the list since November 2016. Locky's position was also boosted by the wide scale use of the Necurs botnet, which itself came in tenth place for the month.
| Top Ten 1. Roughted 2. Locky 3. Globeimposter 4. Conficker 5. Fireball 6. Pushdo 7. Zeus 8. Rig EK 9. Ramnit 10. Necurs |
Other malware types that increased their profile in September were fourth place Conficker, up from fifth; the eighth place Rig exploit kit, which inched up one slot from September; and the already mentioned Necurs which moved onto the list grabbing tenth place.
Three forms of malware lost ground during September. Globeimposter ransomware fell one position to third; the browser hijacker/malware downloader Fireball went from fourth to fifth place; and the banking trojan Ramnit dropped to ninth from eighth place.
Maintaining the September positions on the list were the trojans Pushdo, sixth place, and Zeus in seventh, Check Point said.
The top three malware types spotted targeting mobile platforms was Triada, Hiddad and Lotoor.
Triada is a modular backdoor for Android that can grant an attacker superuser permissions. Hiddad, also an Android problem, is mainly used to display ads. The malware does this by grabbing legitimate apps, repacking them and posting them to a third-party app store. Lotoor is a hacking tool that exploits vulnerabilities in Android to gain root privileges on compromised devices.
