Ransomware to Go


By now, most people have heard about ransomware – the malware that encrypts your computer files, leaving them unreadable, with a message demanding a ransom in exchange for the decryption key. These schemes have generated millions in Bitcoin (the preferred currency of the cyber underworld) for the fraudsters, and have paralyzed hospitals, police stations, and ordinary users everywhere. But now, entrepreneurial criminals have branched out to the mobile sphere, with ransomware affecting both Android and iOS devices.

One version of ransomware for Android is called SLocker, and it has been making a resurgence on mobile devices. Notably, it uses Tor to connect back to a command-and-control server. A variety of other ransomware programs have evolved over the past several years. Many spoof legitimate-sounding warnings from the FBI or the police about “illegal” activities occurring on the phone, a psychological tactic meant to pressure users into paying up.

How does ransomware get on the phone in the first place? Often, criminals will put a malicious app in the app store and wait for unwitting users to download it. Other methods include links to malware-laden payloads sent in spam email, and malicious or compromised sites that mobile users might browse to. The good news for Android users is that Google actively monitors its app store and updates its software to keep malicious apps off devices and remove those that slip through. Additionally, a major software vulnerability often used by ransomware apps will be fixed in the next major Android version release in August.

If you use an iOS device, and think you’re safe from ransomware – think again. While Apple’s app store has generally stricter app requirements than Google’s Play store, malicious apps have been known to get through the vetting process. Apple’s recently released iOS version 10.3 contains a patch for a vulnerability previously exploited in a ransomware scheme.

Ransomware is a cybercrime trend that is likely here to stay, as criminals come up with increasingly clever and sophisticated ways of stealing money and disrupting critical infrastructure. As always, the best way to protect yourself is to practice basic cyber hygiene – don’t open spam email, regularly back up the data on your smartphone, don’t install apps from third-party app stores, and use an antivirus app on your phone.