Mobile Ransomware Jumps 50% in a Year

Exterminator

Security experts are warning of a 50%+ increase in Android ransomware over the past year as cyber-criminals import techniques from the desktop world and continue to develop their own tactics.

Eset claimed in its new Trends in Android Ransomware report that the black hats are shifting channels to target the devices which increasingly hold large amounts of valuable data.

The ransomware can be spread by email but is typically disseminated in legitimate-looking apps on third-party Android stores, Eset claimed.
It added:

“To avoid the unwanted attention, attackers have started to encrypt malicious payloads, burying them deeper in the application – often moving them to the assets folder, typically used for pictures or other necessary contents. Infected applications often seem to have no outside functionality, but in reality work as a decryptor able to decrypt and run the hidden ransomware payload. However, using technically more advanced techniques, such as exploit-driven drive-by downloads, is not very common on Android.”

Some variants use click-jacking techniques to trick the user into giving them Device Administrator privileges. These help to protect the malware against uninstallation.

Police “lock-screen” type ransomware is still very popular in the mobile world, although crypt-ransomware like Simplocker has also been spotted by Eset.

The hackers are increasingly looking to shift their focus out from Eastern Europe to US victims, although Asia has also crept onto the radar with the “Jisut” variants becoming popular.

Eset urged users to avoid all third-party app stores, to keep their device protected by AV and to have a “functional backup of all important data” to hand.

There are also options for those who’ve fallen victim. Booting the device into Safe Mode will help tackle simple lock-screen ransomware.

Eset also urged users not to pay up if infected.

“As far as ransomware on Android is concerned, we have seen several variants where the code for decrypting files or uninstalling the lock-screen was missing altogether, so paying would not have solved anything,” it claimed.

The volume of global mobile ransomware soared nearly four times between 2015 and 2016, according to stats from Kaspersky Lab.
 

Wingman

As more people start to use mobile devices for storing/working with sensitive information, it was just a matter of time before commodity malware targets mobile platforms.
 

DJ Panda

I guess there is an advantage in not owning a phone! Thanks for the share. :)
 

Winter Soldier

Often these attacks show more skill in social engineering, rather than in the code. A full-time job, trying to leverage on the trust or the inexperience of the people.

Many people feel they cannot be attractive targets because their data are not interesting. But with the ransomware, if the data have value for the user, then they have value for the attacker: nobody can think of not being a target.
Protecting yourself from ransomware means tackling only one of many issues, because the information had value, and their theft, unlike the theft of material objects, does not leave traces. Safety requires a holistic approach that addresses all aspects in an integrated way: the individual mechanisms, also very important as the backup, close the door, thus leaving many windows open.
 
