Android virus laden Ransomware on the Rise in the UK
Published on: 7th Jul 2015
Note -- this news article is more than a year old.
So called ransomware has seen a steady growth in the UK so far throughout 2015. Bitdefender research has found that approximately 32% of all reported malware during the month of May was Android ransomware, with the company anticipating that this number will continue to grow in the next twelve months. With the amount of Android ransomware reported at approximately 24% during the early months of 2015, this sudden spike translates into an increased interest for cybercriminals for generating revenue by targeting the UK.
Cryptowall ransomware is one of the most profitable malware strains to date, with ransomware fees starting from $500 (£320). Its success has inspired malware coders to now explore new ways of infecting even more victims by crafting ransomware for Android devices. Android shipments exceeded one billion devices in 2014, sparking cybercriminals' interest who see an environment equally as profitable as that of PCs.
"Aggressive and persistent malware doesn't come out of nowhere," states Catalin Cosoi, Chief Security Strategist at Bitdefender. "Developing malware takes pretty much the same form as developing software; it takes many iterations and bug fixes until you end up with a really stable build that can perform as expected. The same goes for Android ransomware."
"At Bitdefender, we've been seeing Android ransomware samples for the better part of a year now. At first they had pretty limited capabilities - they were mostly scaring users into thinking they were infected by displaying an easily removable pop-up that contained the same classic message as PC ransomware. It only took limited technical knowhow to remove both the pop-up and the application and users were quick to dispose of them."
"It seems, however, that malware coders quickly adapted to the mobile operating system platform and began understanding the subtleties of making an application latching onto the OS tightly. This makes them both more persistent and scarier for the average user."
Bitdefender warns that new Android ransomware can completely block a device's keys, leaving users with few available options: rebooting or shutting down. Although no actual encryption of local files actually occurs, the displayed messages try to scare victims into paying the ransom.
The latest Android ransomware can only be removed by booting devices in Safe Mode; otherwise it will come back on each time a device is rebooted normally. Because Safe Mode booting prevents third-party applications from loading, users can manually uninstall the malware just like any other app.
Catalin Cosoi adds, "Android ransomware has drastically changed from being a small benign application that previously used to trick and scare users into thinking they have been infected, to now actively seizing control over devices and preventing users from uninstalling the malicious application. Today's versions require a bit more technical expertise to "flush" the application from a users' Android device."