Story image

Android ransomware, running riot in Australia

By Catherine Knowles, Fri 3 Jul 2015
FYI, this story is more than a year old

Android ransomware in Australia is on the rise, posing a significant threat to businesses and consumers.

In the past six months alone, ransomware has experienced a steady growth, specifically in April and May 2015, according to Bitdefender, the antivirus software specialists.

Furthermore, over 25% of all reported malware in May was Android ransomware.

Bitdefender says these numbers are likely to steadily rise in the next six to twelve months.

“Considering that in February 2015 the amount of ransomware reported was slightly above 6%, this sudden spike translates into an increased interest among cybercriminals in targeting Australia to generate revenue,” says Bitdefender.

Cryptowall ransomware is one of the most prolific and profitable malware strains to-date, causing more than $18 million losses in the past year alone, according to the FBI’s Internet Crime Complaint Center.

Its success in generating revenue has inspired malware coders to now explore new ways of infecting even more victims, by crafting ransomware for Android devices.

With Android shipments exceeding 1 billion devices in 2014, it's unsurprising the market is sparking the interest of cybercriminals who see it as an environment equally as profitable as PCs.

Bitdefender says it has been seeing Android ransomware samples for nearly a year.

At first, they had more limited capabilities and were mostly designed to scare users into thinking they’re infected by displaying an easily-removable pop-up that contained the same ‘classic’ message as PC ransomware.

It only took limited technical knowhow to remove both the pop-up and the application, and users were quick to dispose of them, Bitdefender says.

For instance, whenever a user saw a full-screen message stating that their files had been encrypted and you had to pay a fee to unlock them, they simply hit the ‘back’ button to exit it.

However, malware coders quickly adapted to the mobile operating system platform and began understanding the subtleties of making an application that latches onto the OS tightly, making them both more persistent and ‘scarier’ for the average user, according to Bitdefender.

New Android ransomware can completely block a device’s keys, leaving users with few available options: rebooting or shutting down.

Although no actual encryption of local files occurs, the displayed messages try to scare users into paying the ransom.

The latest Android ransomware can only be removed by booting devices in Safe Mode, otherwise it will come back each time your phone reboots.

Safe Mode booting prevents third-party applications from loading, so users can manually uninstall the malware like any other app.

Some of the most common attack vectors used for spreading such Android ransomware infections have to do with drive-by attacks or infected applications disseminated through third party marketplaces, Bitdefender says.

Consequently, it is important users don’t download anything that’s not from the official Google Play Marketplace and install a mobile security solution that can detect and report any attempt of inadvertent download or installation of malware, says Bitdefender.

Recent stories
More stories