Part 1: A Security Expert’s Guide to Ransomware

Courtesy of Cyber Threat Alliance

Follow Rethink: Security these next five weeks for a series on how to build a strong defensive posture for all major mobile operating systems - Android, iOS, Windows, and more.

What is Ransomware Exactly?

Ransomware is a strain of malware that blocks users from accessing their personal data or apps on infected mobile devices. The malware then demands a ransom - money or services - to unblock the same data or apps.

Types of Ransomware You Should Be Familiar With

The two main types of ransomware are locker ransomware and crypto ransomware.

Locker ransomware was first detected in late 2013 on Android, when LockDroid premiered. This type of ransomware changes the PIN or password on the lock screen of a user’s mobile device, preventing the user from accessing their home screen, data, and apps.

Crypto ransomware, on the other hand, encrypts a user’s personal data to demand payment. The first exploit, SimpLocker, was found in 2014; with it, hackers encrypted a user’s Secure Digital (SD) card, leaving the user’s personal data inaccessible. Then an official-looking message was displayed on the screen, showing criminal violations based on files found on the card. The hacker demanded payment from the user to either resolve the violation or receive a key to unlock the encrypted data.

In most cases, extortion payments are made with Bitcoin cryptocurrency since Bitcoin is digital and difficult to track out in the wild. Mobile payment methods like Apple Pay and Samsung Pay may also be used, but Bitcoin is still the preferred payment for cybercriminals.

To date, the CryptoWall version 3 exploit has been the most lucrative ransomware. According to a Cyber Threat Alliance report, this malware was initially released in January 2015, and its 406,888 infection attempts have caused an estimated $325 million in damages.

Come back next week as we dive into the world of Android, take a deeper look at the SimpLocker attack and other Android exploits, and cover remediation tasks to help you avoid getting ransomware on Android devices.

James Saturnio

Senior Solutions Architect at MobileIron

About the author

James Saturnio is a Senior Solutions Architect for the Technical Marketing Engineering team at MobileIron. He immerses himself in all things cybersecurity with equal parts mobility and IoT technologies. He has been with MobileIron for 5 years. Previously, he worked at Cisco Systems for 19 years where he started out as a Technical Assistance Center (TAC) engineer, then a software engineer, and as a Technical Leader in the Security Technology and Internet of Things (IoT) business units. He was the main architect for the IoT security framework that is still being used today by Cisco’s IoT customers.