Ransomware is a type of malware that restricts access to files then demands ransom to unlock access to them. While it has been a plague for PCs during the past couple of years, cybercriminals have ported the threat to Google’s mobile OS as well because of increased adoption of the Android mobile operating system.
Responsible for financial losses estimated at around $1 billion in 2016, ransomware is one of the most financially lucrative piece of malware to date. With revenue used to develop new and more sophisticated ransomware variants and even fuel other cybercriminal activities, it’s estimated that the threat will not go away at any time soon.
Android ransomware alone has been estimated to have increased by almost 300% in Q1 2017, compared to 2016, indicating it’s becoming sufficiently mature to be actively used by cybercriminals to infect victims.
How Does Android Ransomware Work?
Because of the limited access an application has within the Android operating system, most ransomware is limited to simply displaying a difficult-to-remove nag screen that constantly reminds the victim to pay an amount ranging from a couple of dollars to a few hundred to restore access to the device. While traditional PC-based malware can actually encrypt data on the device, Android ransomware mostly restricts access to the device’s functions.
Because removing this ransomware variant could have been performed with a relatively simple factory reset, cybercriminals have actually incorporated more advanced persistency mechanisms as well as the ability to actually encrypt data on removable SD cards. Pictures, documents and any other type of file stored on the removable memory card would become unreadable unless victims would agree to give in to the ransom note.
Some Android ransomware variants can even gain administrative privileges to the device and, although they don’t encrypt the stored data, they can change the device’s PIN code. Without paying the ransom, victims would practically be locked out of their devices indefinitely.
Some Bitdefender studies have actually concluded that 50 percent of ransomware victims would be willing to pay up to a couple of hundreds of dollars to regain access to their data, which is why cybercriminals are constantly trying to come up with new methods of making the threat difficult to remove.
Distribution and How to Stay Safe
Like most Android malware, ransomware is usually bundled with applications that at first glance seem legitimate. Mostly disseminated via third-party marketplaces within applications promising full features to otherwise paid apps, Android ransomware is – ironically – easy to spot, as you’ll receive a ransom note on screen.
Avoid shady apps and ads that make it seem imperative that you install a particular application, as they’re usually either ransomware or other types of malware.
The best way of securing your Android device against ransomware and other threats remains the use of a mobile security solution that can scan apps, regardless of where they’ve been downloaded from, and determining whether they’re malicious.