Have you ever wondered how likely it is that your mobile device could be hijacked? In the cybercrime world, behind every supposed impossibility lurks a possibility, and every limit is pushed until it breaks. How likely is a mobile ransomware hijack?
What Is Ransomware
Ransomware is a type of malware that locks a device or encrypts the data on it and then demands a ransom payment to unlock the device or to decrypt the data.
Ransomware is typically spread using social engineering tactics, meaning that people are tricked into downloading it. In social engineering schemes, victims think they are downloading innocent content or a crucial service, such as antivirus software or a bill they need to pay, when in fact they are downloading ransomware.
Once downloaded, the ransomware displays a fake message accusing the user of illegal activity (downloading illegal porn or something similar). The ransomware then encrypts files or locks the device and demands a ransom payment to decrypt the files or to unlock the device. Once payment is made, often in Bitcoin via Tor, the ransomware communicates with a C&C (command and control) server, which then sends the victim the decryption key.
“Ransomware boomed because it has an immediate effect on the infected user’s psychology. Fear and anxiety are two main emotions that criminals can evoke to get their victims to pay the ransom,” said Nikolaos Chrysaidos, mobile malware analyst at Avast. “Social engineering plays a significant role in developing fear. Images and text can lead the victim into believing they are being accused of performing illegal activities. Anxiety can be caused by countdown timers that limit the time the victim has to pay the ransom and decrypt the device or files.”
How Ransomware Transitioned To Mobile
Cybercriminals are like teenagers in that they like to keep up with all the latest trends, which in this case, means ‘going mobile’ with ransomware. Malware used to target PCs is now targeting mobile devices.
Nearly two-thirds of Americans own a smartphone, and according to an Ericsson report, 70% of the world’s population will be using a smartphone by 2021. This increasingly large target pool is ideal for cybercriminals because people are storing larger amounts of sensitive, personal data on their smartphones, which also means they would be more willing to pay a ransom to recover their threatened data.
How Mobile Ransomware Is Distributed
Since it is difficult to get malware onto the Google Play Store, ransomware distributors heavily rely on social engineering to trick people into downloading malicious content from websites. We have seen many cases where ransomware is disguised as an antivirus app on a site that looks nearly identical to Google Play. First, the user stumbles across an ad while browsing, which claims that the device is infected. When clicked on, the ad opens a page that looks just like the Google Play Store. If you look carefully, the site has a different domain name: the fake site will have a URL like google.xy, not google.com. The fake app then instructs the victim to enable the installation of apps from sources other than the official Google Play Store.
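The domain check described above, written out as a small classifier (an added example, not code from the original article or from Avast): it flags a URL as a Play Store lookalike when the "google" label appears under a registrable domain other than google.com, and separately flags direct .apk downloads. The allowlist of legitimate Play Store hosts and the two-label registrable-domain rule are simplifying assumptions for this example.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only host that legitimately serves the Play Store.
LEGIT_PLAY_HOSTS = {"play.google.com"}
BRAND_LABELS = {"google"}


def registrable_domain(host):
    """Last two labels of a hostname, e.g. 'google.xy' for 'play.google.xy'.
    Simplification: multi-label public suffixes such as co.uk are not handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_store_url(url):
    """Classify a URL that claims to be the Google Play Store.
    Returns 'legit', 'lookalike', 'apk-direct-download' or 'other'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in LEGIT_PLAY_HOSTS:
        return "legit"
    labels = set(host.split("."))
    # Brand label reused under a different registrable domain (google.xy,
    # google.com.example.net, ...) is the pattern the fake store pages use.
    if BRAND_LABELS & labels and registrable_domain(host) != "google.com":
        return "lookalike"
    # Apps are not installed from bare .apk links on the real store; a direct
    # APK download from any other host deserves a closer look.
    if parts.path.lower().endswith(".apk"):
        return "apk-direct-download"
    return "other"


if __name__ == "__main__":
    for u in ("https://play.google.com/store/apps/details?id=com.example.app",
              "https://play.google.xy/store/apps/details?id=antivirus",
              "http://files.example.net/AntiVirus.apk"):
        print(classify_store_url(u), u)
```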
Ransomware can also be distributed via vulnerabilities like Certifi-gate. If distributed via Certifi-gate, a malicious app does not need to trick the user into giving it access to download the ransomware from outside of the Google Play Store, it can grant itself that access.
What Happens Once A Device Is Infected
Once ransomware is downloaded, it sends a fingerprint of the app, the IMEI, or the device’s phone number to a C&C server.
Depending on the level of the malware’s sophistication, the C&C server sends back either a generic encryption key, a unique encryption key for the particular device, or there is simply no communication with a C&C server at all. If an encryption key is sent, the device can be locked or files on the device can be encrypted.
What Happens When The Ransom Is Paid
In some cases, apps don’t decrypt data even if a ransom is paid. We have also seen cases where the app does decrypt data after the ransom and pretends to delete itself, but the ransomware remains hidden on the device. When hidden, ransomware can remain dormant for some time, sending pings back to a C&C server. In this case, cybercriminals can send a command and reactivate the ransomware at any time. Because of this, it’s imperative for infected, ransom-paying individuals to download mobile antivirus software, to ensure that the malware is completely removed and is not capable of being reactivated.
Pranksters vs. Cybergangs
The distributors of mobile ransomware can be split into two groups:
“Thirty percent of ransomware is spread by amateurs who want to make a bit of pocket change. This group spreads ransomware that either doesn’t encrypt infected devices or uses a generic encryption key,” says Filip Chytry. “The other 70% of ransomware is spread by cybercriminals. These cybercriminals distribute ransomware that communicates back to C&C servers that send unique encryption keys for each device they infect. We can tell there are organized networks behind this type of ransomware because they have servers around the world and rotate between these servers to make it harder for antivirus companies to block their server connections.”
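Both the dormant pinging described under "What Happens When The Ransom Is Paid" and the server rotation Chytry describes leave a pattern in outbound connection logs: a fixed-interval timer reaching a changing set of hosts. The detector below, an added example and not code from the article or from Avast, scores each app's inter-connection intervals by their coefficient of variation and reports apps whose timing is near-constant; the log format and the sample lines are constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample of outbound connections per app (not real data).
# Format per line: ISO timestamp, package name, destination host.
SAMPLE_LOG = """\
2016-03-01T10:00:00 com.example.fakeav c2-a.example.net
2016-03-01T10:05:01 com.example.fakeav c2-b.example.net
2016-03-01T10:10:00 com.example.fakeav c2-a.example.net
2016-03-01T10:15:02 com.example.fakeav c2-c.example.net
2016-03-01T10:20:00 com.example.fakeav c2-b.example.net
2016-03-01T10:01:13 com.example.mail mail.example.com
2016-03-01T10:07:45 com.example.mail mail.example.com
2016-03-01T10:31:02 com.example.mail mail.example.com
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def parse_log(text):
    """Group (timestamp, host) events by package name."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, pkg, host = m.groups()
            events[pkg].append((datetime.fromisoformat(ts), host))
    return events


def beacon_score(timestamps):
    """Coefficient of variation of the gaps between connections.
    A value near 0 means a fixed timer; None if too few gaps to judge."""
    times = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if len(gaps) < 3:
        return None
    return pstdev(gaps) / mean(gaps)


def find_beaconing_apps(text, max_cv=0.1, min_events=4):
    """Return apps whose connection timing looks like a C&C heartbeat,
    with the mean interval and the set of hosts they rotate between."""
    hits = {}
    for pkg, evs in parse_log(text).items():
        if len(evs) < min_events:
            continue
        times = sorted(t for t, _ in evs)
        cv = beacon_score(times)
        if cv is not None and cv <= max_cv:
            gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
            hits[pkg] = {"interval_s": round(mean(gaps)),
                         "hosts": sorted({h for _, h in evs})}
    return hits
```

On the sample, the fake antivirus app is reported with a 300-second interval across three rotating hosts, while the mail client, with irregular timing and too few events, is not.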
What To Do When Your Phone Is Infected With Ransomware
If your phone becomes infected with ransomware, there is, unfortunately, little you can do besides pay the ransom. We usually discourage paying the ransom because this reinforces the fact that ransomware is an effective way for cybercriminals to make money and encourages them to continue. If you are infected with ransomware that still allows you to download other apps, try downloading Mobile Security to rid your device of the ransomware.
How To Protect Yourself From Mobile Ransomware
As stated above, there is one very important step you need to take to protect all of your devices — mobile, PC, and Mac alike — from ransomware: Download an antivirus solution. These solutions can protect your device and the data on it from many different forms of malware.
In addition to downloading an antivirus, make sure that you’re aware of the actions you take while browsing the Internet. Do not open any links or attachments from unknown or suspicious sources.