Hollywood has a history of obsession with thriller and horror movies based on kidnappings. A common plot line is for a crime syndicate to abduct a person and then demand a large amount of money for their return. Such schemes rarely work in the movies, where they are constantly thwarted by an A-list hero, but hackers have taken the idea of abduction and applied it to their malware with greater success.
Ransomware is a specific type of malware that locks a user out of their phone and demands a monetary payment in order for the user to regain access. The practice started on Windows computers, but in recent years cybercriminals have begun to target mobile phones. Spurred by success, the rate of Ransomware infections is increasing, and as long as the trap is profitable, Ransomware will never go away.
How Ransomware Works
Although Ransomware is a relatively new type of malware, the delivery of the malicious files relies largely on well-established means. Ransomware is typically disguised as a Trojan and gains access to a system when it is accidentally downloaded. On mobile devices, the most common hiding place for Ransomware is in apps. In the past, video player apps, adult entertainment apps, and software updates have all played cover for Ransomware while the bad program delivers the payload.
In terms of malware, the payload is the code that infects the device and performs the harmful action. Ransomware locks a user out of their own phone and there are three primary ways it does this.
1. Fake Police Alerts – A warning page appears on the screen and locks itself, explaining that the authorities (FBI, Department of Defense, Cyber Crime Center, etc.) have discovered illegal activities on the phone.
2. Lock Screen – The Ransomware infiltrates the phone’s lock screen, and appoints itself or tricks the user into making it the device administrator. Then the malware prevents the user from using the phone until payment is made.
3. File Encryption – Data is scrambled and people receive a ransom note saying, “Your phone has been encrypted. Pay $300 to us and we will give you the key.”
Payloads vary slightly, but in all cases Ransomware leverages a person’s data against them and demands money, usually between $200 and $500. Some of the most successful Ransomware programs have stolen millions of dollars; they include Koler, Simplelocker, and CryptoLocker, among many others.
What to Do if You Are Victimized
First of all, because Ransomware is not in the Google Play Store, phones must be set to “allow apps from unknown sources” for Ransomware to be downloaded. However, people approve apps for download all the time, and if you are infected with Ransomware, removal is difficult but possible. Here are the options:
1. Pay the Ransom – Obvious but not a favorable choice
2. Factory Reboot – Complete restart that results in a loss of all data and photos
3. Enter “Safe Mode,” Remove Ransomware as Device Administrator, Uninstall Ransomware
How to Prevent Ransomware
The best defense against Ransomware and other forms of malware is to prevent them from ever accessing your phone. One way to protect your phone is to install an antivirus app that has the ability to scan files in real time. This means that apps, websites, and zip files will be checked out before they are downloaded, and if malware is detected, then you will be alerted. Not coincidentally, Android Security Suite is designed to do just that: vet everything for malicious software before it becomes an issue. With Android Security Suite on your phone, you don’t have to worry about Ransomware. I guess you could say we are the preemptive hero of your personal hostage film.