Ransomware is a growing problem for users of mobile devices. Lock-screen types and file-encrypting “crypto-ransomware”, both of which have been causing major financial and data losses for many years, have made their way to the Android platform. ESET has prepared a topical white paper on the growth of this insidious Android malware.
Like other types of Android malware – SMS trojans, for example – ransomware threats have been evolving over the past few years and malware writers have been adopting many of the same techniques that have proven to be effective in regular desktop malware.
Both on Windows and on Android, lock-screens are nowadays usually of the “police ransomware” kind, trying to scare the victims into paying up after (falsely) accusing them of harvesting illegal content on their devices. Likewise, as with the infamous Windows Cryptolocker ransomware family, crypto-ransomware on Android started using strong cryptography, which meant that affected users had no practical way of regaining the hijacked files. And because everyday data, such as photos, for example, are now kept on smartphones rather than PCs by so many people, the threat of losing this data is now greater than ever.
One interesting observation that we have made is that the attackers’ center of focus is no longer only Eastern European countries. A number of recent families, such as Android/Simplocker and Android/Lockerpin, for example, have been targeting victims mostly in the USA.
Types of Android ransomware
Ransomware, as the name suggests, is any type of malware that demands a sum of money from the infected user while promising to “release” a hijacked resource in exchange. There are two general categories of malware that fall under the ‘ransomware’ label:
In lock-screen types of ransomware, the hijacked resource is access to the compromised system. In file-encrypting “crypto-ransomware” that hijacked resource is the user’s files.
Both types have been a very prevalent problem on the Windows platform since 2013, when ransomware started to increase in popularity among cybercriminals, even though it had been around for many years before. Ransomware infections have been causing trouble both to individuals and to businesses.
Since one of the most noticeable trends in regard to Android malware is that malware writers have been bringing to this platform malware techniques that have proven to be successful on Windows, the appearance of ransomware on the most popular mobile platform was logical and anticipated. As we can see on the trendline graph, detections of Android ransomware are growing.