Security experts are warning of a 50%+ increase in Android ransomware over the past year as cyber-criminals import techniques from the desktop world and continue to develop their own tactics.
Eset claimed in its new Trends in Android Ransomware report that the black hats are shifting channels to target the devices which increasingly hold large amounts of valuable data.
The ransomware can be spread by email but is typically disseminated in legitimate-looking apps on third-party Android stores, Eset claimed.
It added:
“To avoid the unwanted attention, attackers have started to encrypt malicious payloads, burying them deeper in the application – often moving them to the assets folder, typically used for pictures or other necessary contents. Infected applications often seem to have no outside functionality, but in reality work as a decryptor able to decrypt and run the hidden ransomware payload. However, using technically more advanced techniques, such as exploit-driven drive-by downloads, is not very common on Android.”
Some variants use click-jacking techniques to trick the user into giving them Device Administrator privileges. These help to protect the malware against uninstallation.
Police “lock-screen” type ransomware is still very popular in the mobile world, although crypto-ransomware like Simplocker has also been spotted by Eset.
The hackers are increasingly looking to shift their focus from Eastern Europe to US victims, although Asia has also crept onto the radar with the “Jisut” variants becoming popular.
Eset urged users to avoid all third-party app stores, to keep their device protected by AV and to have a “functional backup of all important data” to hand.
There are also options for those who’ve fallen victim. Booting the device into Safe Mode will help tackle simple lock-screen ransomware.
Eset also urged users not to pay up if infected.
“As far as ransomware on Android is concerned, we have seen several variants where the code for decrypting files or uninstalling the lock-screen was missing altogether, so paying would not have solved anything,” it claimed.
The volume of global mobile ransomware soared nearly four times between 2015 and 2016, according to stats from Kaspersky Lab.