Mobile ransomware is a malicious program that locks your mobile device, encrypts files, and steals sensitive data. The attacker demands a ransom payment to unlock the device and return the data to the user.
The ransomware is generally obtained from organized crime groups. Smartphone users are tricked into downloading the malware through social networking links, fake mobile apps, compromised websites, and email attachments. Once the malware is on your device, it might show a fake message claiming that your device has been locked by the local law enforcement agency and that you have to pay a “fine” to unlock it. The amount demanded by the attackers is generally in the range of a few hundred dollars, payable in bitcoins. For example, in last week's WannaCry ransomware attacks, the attacker demanded $300 to $600 to unlock the devices. Statistics on the ransoms demanded by ransomware attackers show that the average ransom amount has increased from $300 to $679. However, there is no guarantee that the ransomware will stop operating after you pay the ransom.
Ransomware by the numbers
Ransomware is a growing problem for smartphone users. More cyber criminals are using ransomware as a cheap and easy source of income. According to Ericsson, 70% of the world population will use a smartphone by 2020. Smartphone users are a large target pool for cyber criminals because a large number of users store sensitive and personal data on their smartphones and would be more willing to pay the ransom to get the data back.
This has led to an increase in the mobile ransomware threat in recent years. According to a report released by Trend Micro, 50 new ransomware families were discovered in the first few months of 2016, and possibly more than 100 new ransomware families were introduced in the year 2016.
According to Kaspersky's findings, Android ransomware is on the rise: the security company detected 136,532 ransomware attacks on Android users alone from April 2015 to March 2016. Compared with last year's number, that is a 4x jump in Android ransomware.
Types of Mobile Ransomware
The two main types of mobile ransomware are the lock-screen type and the file-encrypting type. These types of mobile ransomware have caused major financial and data losses for many years. The attackers are using the same techniques that have proven effective in desktop malware. For example, police ransomware, a lock-screen type of malware, tries to scare users by accusing them of storing illegal content on their mobile devices and asking them to pay to regain access to the device.
The file-encrypting type of ransomware, also known as crypto ransomware, encrypts files on the user’s mobile device and demands a ransom to get the files back. Crypto ransomware uses strong cryptography to encrypt the files, and it is almost impossible to regain access to those files without the access code. Malware like crypto ransomware can encrypt more than 70 types of files on your mobile device. Since users store their everyday data on their phones, the threat of losing personal data is greater than ever.
Recent Incidents
Mobile ransomware is continuously evolving. Last fall, a ransomware named CryptoLocker infected more than 1000 computers. Later, it spread to the Android and iOS platforms. The attacker demanded a ransom of $300 for the decryption code. One ransomware trend is that malware writers are using the same techniques that were successful on the Windows platform to write mobile ransomware.
One of the latest mobile ransomware attacks came in the form of OK, one of the most popular Russian entertainment social network apps. The legitimate OK app in the Google Play Store did not contain any virus strain. The OK ransomware was able to bypass antivirus filters and lock the device. After locking the device, the ransomware threatens to send an SMS message to all contacts in the phone that portrays the user as a consumer of child pornography. The ransomware also warns of complete loss of data (photos, SMS, contacts, and other files) if the user tries to unlock the phone by any other means. Worst of all, the ransomware has no way to detect that the user has paid the ransom, and it continues to operate on the infected mobile device.
Another version of ransomware is Koler A, a malware that disguises itself as a premium video player granting the user access to premium pornography. The ransomware disables the browser's back button so that the screen gets stuck on one page and the user thinks the mobile device is under the control of the hacker.
How to protect your mobile device from ransomware?
By understanding the common ways ransomware infects a device, you can take precautionary steps to keep your mobile device protected. Some of the common infection vectors are:
- Pornography related apps
- APKs of popular applications and trending games on other app stores and websites
- Malicious links
- Phishing Emails
Now that you know the common infection methods, here are some tips to protect your mobile device:
- Keep Flash, Shockwave, Java and other plugins updated to the latest versions
- Use firewalls and anti-virus software to block pop-ups that might contain a virus
- Never click an email sent from an unknown user
- Avoid visiting suspicious websites
- Never install apps from places outside of Google Play store or Apple’s App store
- Backup your files and data regularly
How can mobile app developers protect their apps from ransomware?
According to Nokia’s Threat Intelligence Report – H1 2016, the first half of 2016 saw a 96% increase in malware infections in comparison to the first half of 2015. Here are some security features your mobile app needs to have to protect the user.
Require integrity checks and data validation
Employ integrity checks and data validation to ensure that the app handles data in a secure manner and that everything passed to the app is validated.
Disable Debug code
Debug code is useful for app developers to find errors and what is causing them. However, once the app is released, the debug code should be disabled. If it is left enabled, the ransomware attacker can get access to the debug code and see how the user moves around the app and how input is handled. This hands the attacker a roadmap for exploiting the app.
No sensitive data in logs
The app developer should ensure the app does not store sensitive data such as usernames, passwords, and account numbers in logs that can be easily accessed by a hacker.
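A pre-release check for this, as an added example that is not part of the original article: it scans captured Android logcat output (threadtime format) for credential key/value pairs and long digit runs, and returns what leaked together with a redacted copy of each message. The sample log lines, tags and the two patterns are constructed for illustration.

```python
import re

# logcat "threadtime" layout: date time pid tid level tag: message
LINE = re.compile(
    r"^(\d\d-\d\d) (\d\d:\d\d:\d\d\.\d{3})\s+(\d+)\s+(\d+) ([VDIWEF]) (.+?): (.*)$")
# key=value or key: value pairs whose key names a credential
CREDENTIAL = re.compile(r"(?i)\b(user(?:name)?|pass(?:word)?)\b(\s*[=:]\s*)(\S+)")
# 8 to 19 digit runs: an assumed length range for account and card numbers
ACCOUNT = re.compile(r"\b\d{8,19}\b")

# Constructed sample capture, not taken from a real app.
SAMPLE_LOG = """\
05-17 10:15:32.123  1234  1256 D AuthManager: login user=alice password=hunter2
05-17 10:15:33.004  1234  1256 I Transfer: sending 250.00 from account 4000123412341234
05-17 10:15:33.910  1234  1256 I Transfer: transfer completed in 906 ms
"""


def scan(log_text):
    """Return (tag, kinds_of_leak, redacted_message) for every leaking line."""
    findings = []
    for raw in log_text.splitlines():
        match = LINE.match(raw)
        if not match:
            continue  # not a threadtime line (e.g. a stack trace continuation)
        tag, message = match.group(6), match.group(7)
        kinds = sorted({m.group(1).lower() for m in CREDENTIAL.finditer(message)})
        if ACCOUNT.search(message):
            kinds.append("account-number")
        if kinds:
            redacted = CREDENTIAL.sub(r"\1\2<redacted>", message)
            redacted = ACCOUNT.sub("<redacted>", redacted)
            findings.append((tag, kinds, redacted))
    return findings


if __name__ == "__main__":
    for tag, kinds, redacted in scan(SAMPLE_LOG):
        print(f"{tag}: {', '.join(kinds)} -> {redacted}")
```

The tag in each finding points at the class whose logging call needs to be removed or guarded before release.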
Restrict clipboard access
App developers should ensure the app does not store any information in the clipboard, where it can be easily accessed by a hacker.
Construct a Sandbox
App developers need to ensure the app functions in a sandbox and that no other apps are able to access the app’s data. The developer needs to ensure that none of the app's permissions give other apps access to sensitive information and that the sandbox is not compromised at any stage of functioning or sharing of data.
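For Android, both the debug-code point and the sandbox point above can be checked against the app manifest before release. The following is an added example, not code from the original article: it flags `android:debuggable="true"` and components that are exported to other apps without a permission guard. The manifest and its package and component names are constructed, and the default-export rule is simplified to the pre-Android 12 behaviour.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "service", "receiver", "provider")
GUARDS = ("permission", "readPermission", "writePermission")

# Constructed sample manifest for a hypothetical app, not from a real project.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <application android:debuggable="true">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <provider android:name=".NotesProvider" android:exported="true"
              android:authorities="com.example.notes.provider"/>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.notes.SYNC"/>
    <receiver android:name=".BootReceiver" android:exported="false"/>
  </application>
</manifest>
"""

def is_launcher(comp):
    """The home-screen entry point has to stay exported, so it is not flagged."""
    names = {el.get(NS + "name") for el in comp.iter()}
    return {"android.intent.action.MAIN", "android.intent.category.LAUNCHER"} <= names

def audit_manifest(xml_text):
    """Return (rule, name) findings that should block a release build."""
    app = ET.fromstring(xml_text.strip()).find("application")
    findings = []
    if app is None:
        return findings
    if app.get(NS + "debuggable") == "true":
        findings.append(("debuggable", "application"))
    for comp in (c for tag in COMPONENTS for c in app.findall(tag)):
        exported = comp.get(NS + "exported")
        if exported is None:  # pre-Android 12 default: an intent filter exports it
            exported = "true" if comp.find("intent-filter") is not None else "false"
        guarded = any(comp.get(NS + g) for g in GUARDS)
        if exported == "true" and not guarded and not is_launcher(comp):
            findings.append(("exported-unprotected", comp.get(NS + "name")))
    return findings
```

On the sample manifest the audit reports the debuggable flag and the unguarded `.NotesProvider`, while the launcher activity, the permission-protected service and the non-exported receiver pass.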
Enable Jailbreak detection
The app should be able to detect whether the mobile device is jailbroken before launching. This will ensure there is no leakage of sensitive information from a jailbroken device.
Wrapping Up
With mobile ransomware evolving alongside technology, users should be alert when downloading content on their mobile devices. For optimum protection from ransomware, mobile users should never delay or decline the download of security patches for the operating system, apps, and plugins.