Trend Micro has seen ransomware on PCs dominate the threat landscape over the last 18 months with their unprecedented volume and destructiveness. But now cybercriminals are attacking another vector: the Android mobile platform. Our research shows unique Android ransomware threats grew 15 times higher in June 2016 than in April 2015[i].
The mobile ransomware threat started over two years ago and has gone almost unnoticed in the public eye, overshadowed by its big brother – PC ransomware threats. But should we be paying closer attention? Let’s discuss why you should care, how this threat spreads, and what you can do to keep your mobile devices safe.
Why you should care
As I have said in my previous blogs, ransomware locks your computer or mobile device, or encrypts your files, holding them ransom until you pay a fee to the cybercriminals who hold them hostage. If you don’t pay the ransom, the bad guys can delete your photos and documents for good, or permanently lock you out of your computer or mobile device.
Mobile devices are now more integrated into our day-to-day lives than our PCs, so a ransomware attack can have a tremendous impact on us (as anyone who’s lost a mobile phone can attest).
How mobile ransomware spreads
Mobile ransomware masquerades as a legitimate app in third party app stores, popular games, flash and video players or as a system update. (So far, Trend Micro hasn’t found any ransomware threats within Google Play.) You could also get hit with an attack by visiting pornographic websites, forums or clicking on a spam link in text messages.
How mobile ransomware works
Trend Micro first discovered mobile ransomware in April 2014. It was of the “lock screen” type, the kind that locks your device and can only be unlocked if you pay. This would necessitate having to buy a new mobile device (expensive – ouch!), but hopefully a majority of your files would be saved in the cloud. Sometimes ransomware falsely claim your device is being locked by the local law enforcement and that you have to pay a “fine:”
This is a mobile version of what is sometimes called “police ransomware” and it is a well-known problem with desktop computers. And now it’s a problem on mobile devices, too.
Not long after police ransomware came over to the mobile world, encrypting ransomware followed.
One thing we’ve seen that is unique to mobile ransomware is a ransomware that hijacks the PIN you use to secure your device. We first saw it in March 2015 and it is similar to the kind of ransomware that locks your device. In this case, it just uses the device’s own built-in security against you, until you pay the attackers.
Just like the file encrypting ransomware you’ve heard of on PCs, this ransomware encrypts your files and the attackers will only give you access to them if you pay them:
How can you stay protected against mobile ransomware?
Trend Micro customers can have peace of mind knowing we’ve blocked over 120M ransomware threats in 2016 alone. We offer protection for your personal mobile devices: Trend Micro™ Mobile Security for Android will scan your device and check all apps (APK) against the Trend Micro™ Mobile Application Reputation™ database. Known ransomware (and other threats) are reported and can be uninstalled, as seen here:
When you’re surfing the Internet on your phone, Mobile Security protects you from accessing malicious websites infected with ransomware, including websites from within popular messaging apps like WhatsApp:
Ransomware is a continuing major threat for PC owners and a growing one for the users of Android devices. Keep your data and hardware assets protected with an internet security suite that protects all of your devices on all platforms.
Trend Micro™ Maximum Security includes Mobile Security and protection for up to 5 PC, Mac, Android and iOS mobile devices, and proactively safeguards your devices from the threat of ransomware.