Ransomware goes mobile

By Simnikiwe Mzekandaba, IT in government editor
Johannesburg, 07 Jun 2016
The Android platform is the most prone to mobile ransomware attacks, say analysts.

As access to affordable smartphone devices increases, so does the risk of being a victim of mobile ransomware.

This is the view of security analysts, who say ransomware is one of the biggest malware threats at the moment, with the majority being developed for the Android operating system.

Jason Jordaan, principal forensic scientist at DFIR Labs, says mobile ransomware is not as big as PC-based ransomware but it is a growing threat and devices running on Android are the most prone to these attacks.

Unlike its cousins that target PCs, mobile ransomware focuses on locking users out: it prevents or limits access to the mobile device and demands a ransom to release the data and systems.

Doros Hadjizenonos, country manager of Check Point SA, says mobile ransomware has become the "biggest mobile security threat".

"Imitation is a quick way to learn, which is why mobile malware is evolving so rapidly - it frequently imitates attack behaviours and trends that were first trialled and proven to work in the PC world. Mobile ransomware is following this path, with the aim of replicating the success that PC-based ransomware has had in extorting money from individuals and organisations.

"While mobile ransomware currently targets Android devices almost exclusively - largely because iOS devices need to be jailbroken to download apps from sources other than Apple's app store, making them harder to infect - there has been a case in which iOS users were extorted."

Threatening malware

According to Hadjizenonos, the number of mobile ransomware variants detected in the first quarter of 2016 grew 45% compared to the fourth quarter of 2015.

The first mobile ransomware types were 'screen blockers', which displayed prominent alerts and made normal interaction with the screen impossible - similar to lock-screen PC ransomware.

First seen in 2013, the malware posed as anti-virus software and informed victims their device was infected, demanding they purchase a full version of the software to 'disinfect' the device and make it usable again.

However, over the years, mobile ransomware has become more complex and malicious in the way it works, with the most recent mobile ransomware type being the PIN locker, which emerged in 2015.

"One example, called PornDroid, pretends to be a porn player, and tricks the user into granting it admin privileges. Once it has these, the malware changes users' PIN codes, locking them out of their devices and displaying a ransom message," explains Hadjizenonos.

Victims of this type of ransomware ended up paying $200 to $500 to unlock their data and regain control of the device, he says.

Jordaan says because there are so many versions of Android, there will be lots of scams targeting people using that platform.

More smartphones running on Android increase the mobile malware threat as users are more prone to being scammed into downloading the latest ransomware app, he says. "Ransomware guys make good money so these types of security threats will continue to evolve as more people get lower-end smartphones."

While the reported mobile ransomware cases are mainly overseas, Jordaan says there have been rumours of similar threats in SA but nothing has been reported.

Paul Amar, an analyst at SensePost, says it is uncertain if such incidents have occurred in SA. "Infections so far mostly targeted the United States, using variants of PornDroid."

Hadjizenonos notes there is little users can do to protect themselves from mobile ransomware except to perform regular backups of the data stored on the device. "You should certainly avoid paying any ransom, and take your device to a mobile security specialist rather than attempting to decrypt it yourself. But ultimately, when it comes to mobile ransomware, prevention is by far the best protection."
