Ransomware, the fastest-growing cyber threat, became the main danger to users of the Android operating system in the first half of 2016, recent Bitdefender telemetry shows.
Bitdefender’s Android statistics show the Android SLocker ransomware family accounts for almost half of all mobile malware reported by infected devices in H1 2016 in Denmark, and a quarter in Germany. Australia came third, with 21.54 percent, while the UK scored 16.48 percent. In the United States, ransomware accounted for 16 percent.
On Android, the mobile operating system with the largest market share, ransomware has been spotted attempting to lock devices and has become increasingly difficult to remove from one iteration to another.
Android ransomware samples usually lock out users and demand payment to unlock devices, although no actual file encryption takes place. While some may encrypt information on SD cards, recent ransomware variants focus more on simply scaring users into giving in to their demands. One sample changed the lock screen PIN of the infected device and tried to kill the process of the on-device security solution that could have detected and removed the threat.
However, Android ransomware does require user interaction for sideloading the malicious .apk file, stirring suspicion of advanced users but possibly tricking less tech-savvy victims.
Other delivery methods for Android ransomware involved spam messages. A common method for delivering Android ransomware has been through malvertising. In this process, malware developers poison ads on legitimate websites by purchasing advertising space. When clicked, these ads redirect users to fake marketplaces or trick them into downloading seemingly innocuous video players or system updates that infect devices.
A Bitdefender study on ransomware victims in November 2015 revealed that half would be willing to pay up to $500 to recover their data, and half of victims have actually paid. UK consumers are willing to pay most to recover personal documents, photos and job-related documents. Brits are willing to pay as much as £400 to decrypt their files. Germans would dispense as much as €210, while US consumers would part with about $350. This brings the ransomware business staggering amounts of money that further fuels cybercriminal activity.
Here are a couple of steps that could help users stay safe from Android ransomware:
- Use a known, award-winning mobile security solution
- Avoid sideloading applications from third-party marketplaces and always install apps from official app stores
- Back up your data
- Carefully read app permissions to avoid giving away personal data or allowing cybercriminals to control your device
Companies are strongly encouraged to:
- Use a Mobile Device Management (MDM) platform for managing employee devices and installing mobile security software
- Deploy a backup solution
- Restrict users from installing unvented applications or from untrusted marketplaces
- Protect email servers with content filtering solutions
- Teach employees how to identify spear-phishing emails and other social engineering techniques.
This year, CyberSecMonth will have a theme dedicated to mobile threats. The advocacy campaign takes place every October to raise awareness on cyber security threats, promote cyber security among citizens and provide up to date security information, through education and sharing of good practices. Bitdefender proudly partners the CyberSecMonth initiative supported by Europol’s European Cybercrime Centre and ENISA, to raise awareness of mobile cyber threats and their devastating consequences.