Android ransomware, running riot in Australia

03 Jul 2015

Android ransomware in Australia is on the rise, posing a significant threat to businesses and consumers.

In the past six months alone, ransomware has experienced steady growth, specifically in April and May 2015, according to Bitdefender, the antivirus software specialists.

Furthermore, over 25% of all reported malware in May was Android ransomware.

Bitdefender says these numbers are likely to steadily rise in the next six to twelve months.

“Considering that in February 2015 the amount of ransomware reported was slightly above 6%, this sudden spike translates into an increased interest among cybercriminals in targeting Australia to generate revenue,” says Bitdefender.

Cryptowall ransomware is one of the most prolific and profitable malware strains to date, causing more than $18 million in losses in the past year alone, according to the FBI’s Internet Crime Complaint Center.

Its success in generating revenue has inspired malware coders to now explore new ways of infecting even more victims, by crafting ransomware for Android devices.

With Android shipments exceeding 1 billion devices in 2014, it's unsurprising the market is sparking the interest of cybercriminals who see it as an environment equally as profitable as PCs.

Bitdefender says it has been seeing Android ransomware samples for nearly a year.

At first, they had more limited capabilities and were mostly designed to scare users into thinking they’re infected by displaying an easily-removable pop-up that contained the same ‘classic’ message as PC ransomware.

It only took limited technical knowhow to remove both the pop-up and the application, and users were quick to dispose of them, Bitdefender says.

For instance, whenever users saw a full-screen message stating that their files had been encrypted and that they had to pay a fee to unlock them, they simply hit the ‘back’ button to exit it.

However, malware coders quickly adapted to the mobile operating system platform and began understanding the subtleties of making applications that latch onto the OS tightly, making them both more persistent and ‘scarier’ for the average user, according to Bitdefender.

New Android ransomware can completely block a device’s keys, leaving users with few available options: rebooting or shutting down.

Although no actual encryption of local files occurs, the displayed messages try to scare users into paying the ransom.

The latest Android ransomware can only be removed by booting the device in Safe Mode; otherwise it will come back each time the phone reboots.

Safe Mode booting prevents third-party applications from loading, so users can manually uninstall the malware like any other app.

Some of the most common attack vectors used for spreading such Android ransomware infections are drive-by attacks or infected applications disseminated through third-party marketplaces, Bitdefender says.

Consequently, it is important that users don’t download anything that’s not from the official Google Play Marketplace, and that they install a mobile security solution that can detect and report any attempted inadvertent download or installation of malware, says Bitdefender.
