Mobile ransomware use jumps, blocking access to phones

Kaspersky Lab has detected a spike among its own Android users

The number of users infected with mobile ransomware is skyrocketing, as hackers try to expand the number of potential victims they can target.

Compared with a year ago, almost four times as many users are being attacked by mobile ransomware, security firm Kaspersky Lab said on Wednesday.

It's a troubling trend. Ransomware has typically targeted PCs by encrypting all the information that is inside the targeted machines, and then holding the data hostage in exchange for money.

The threat is that users who fail to pay ransom will see all the data erased. Hospitals, schools and police departments have all been major victims. But increasingly, hackers have begun focusing on smartphones.

Kaspersky looked at its own Android customers and noticed the spike. Between April 2015 and March this year,136,532 of its users encountered a mobile version of ransomware. That's up from 35,413 in the year earlier period.

Kaspersky customers in Germany, Canada, the U.K. and the U.S., in that order, were the top four countries affected by mobile ransomware.

The largest mobile ransomware family detected is called Fusob, Kaspersky said.  It was responsible for 56 percent of the attacks during the year and targets Android users.

Victims are unwittingly downloading it when visiting porn sites. Fusob masquerades as a multimedia player, called xxxPlayer, that’s been designed to watch the porn videos.

Once downloaded, Fusob can block all user access to a device. Victims are told to  pay between $100 and $200 in iTunes gift cards to deactivate the block.

Most of the victims have been located in Germany. The ransomware ignores devices that use Russian and several Eastern European languages.

Kaspersky noted that much of mobile ransomware detected actually doesn't encrypt any information on the infected device. Smartphone owners usually back up all their data to a cloud service anyway, so there's no point to try and encrypt it, the security firm said. Instead, the ransomware blocks user access to apps on the phone. Often, victims of mobile ransomware will see a ransom note on their device's screen with instructions on how to pay the ransom, and will not be able to use the phone otherwise until they do so.

Hackers are increasingly using mobile malware in order to expand the number of potential targets outside of PCs, according to security firms. 

"In the end, they're going to follow the money, and find what's most effective," said Christopher Budd, the communications manager with Trend Micro. He expects ransomware to continue to evolve and possibly target more Android-based devices, including smart TVs in the future.

To avoid ransomware, Kaspersky advises that users regularly update their software and back up all crucial files. Users should also be wary of downloading anything from untrusted sources and look into buying strong security software.

Join the CSO newsletter!

Error: Please check your email address.

More about KasperskyTrend Micro

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Michael Kan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place