Ransomware-as-a-service will see the insidious malware spread rapidly beyond personal computers in the year ahead, according to the new report out Thursday from Sophos Group plc.

The Sophos 2018 Malware Forecast looked at the direction malware took in 2017 to make its predictions for the year ahead. The new trends include the continuing rise of RaaS, an expected explosion in Android malware on the Google Play mobile app store, an increased level of targeted Mac malware campaigns and a likely rise in new Windows threats powered by do-it-yourself exploit kits.

The researchers suggest that as more ransomware creators are realizing that they can make more money from selling kits and serviced packages that others can use to distribute their own attacks, the RaaS market will rapidly grow in the year ahead. They cite Cerber, a form of ransomware that first emerged in 2016 but kept evolving through various incarnations during 2017, as a classic example of how the spread of ramsomware is being powered by RaaS providers.

“Since ransomware became such a well-paying business, authors are paying more attention to developing features, like robust encryption and antivirus evasion techniques,” the report noted. “They’ve also worked more variety into available payment options.”

The likely increase in Android malware, particularly making its way onto Google Play, was the next trend predicted in the report, but it’s an extension of the rapid growth experienced in 2017. Interestingly, the researchers note that ransomware, in particular, is starting to become a problem for Android users in the same way it is for PC users.

Apple Macs get a mention, with the researchers suggesting that, as with Android, developers are seeking out new victims, making Apple’s desktop operating systems a prime target. But the report notes that much of the rise likely will be via potentially unwanted programs such as MacKeeper rather than actual malware.

As for Windows, the researchers expect to see easier exploits distributed on the dark web, the shady part of the Internet accessible through special software, with tools for the exploits appearing within a month of disclosure. Microsoft Office vulnerabilities are cited as an area ripe for growth given seemingly ongoing vulnerabilities found in its code.

Photo: sheila_sund/Flickr