Part 1: A Security Expert’s Guide to Ransomware
Courtesy of Cyber Threat Alliance
Follow Rethink: Security these next five weeks for a series on how to build a strong defensive posture for all major mobile operating systems - Android, iOS, Windows, and more.
What is Ransomware Exactly?
Ransomware is a strain of malware that blocks users from accessing their personal data or apps on infected mobile devices. The malware then demands a ransom, money or services, to unblock that data or those apps.
Types of Ransomware You Should Be Familiar With
The two main types of ransomware are locker ransomware and crypto ransomware.
Locker ransomware was first detected on Android in late 2013, when LockDroid first appeared. This type of ransomware changes the PIN or password on the lock screen of a user's mobile device, preventing the user from accessing their home screen, data, and apps.
Crypto ransomware, on the other hand, encrypts a user's personal data to demand payment. The first such exploit, SimpLocker, was found in 2014: the hackers encrypted the user's Secure Digital (SD) card, leaving the user's personal data inaccessible. An official-looking message was then displayed on the screen, citing criminal violations supposedly based on files found on the card. The hacker demanded payment from the user either to resolve the violation or to receive a key to unlock the encrypted data.
In most cases, extortion payments are made in Bitcoin, since the cryptocurrency is digital and difficult to trace out in the wild. Mobile payment methods like Apple Pay and Samsung Pay may also be used, but Bitcoin remains the preferred payment method for cybercriminals.
To date, the CryptoWall version 3 exploit has been the most lucrative ransomware. According to a Cyber Threat Alliance report, this malware was initially released in January 2015, and its 406,888 infection attempts have caused an estimated $325 million in damages.
Come back next week as we dive into the world of Android, take a deeper look at the SimpLocker attack and other Android exploits, and cover remediation tasks to help you avoid getting ransomware on Android devices.