Android Ransomware: Four-fold Increase in Number of Users Attacked in One Year

The number of users attacked by ransomware targeting Android-based devices has increased four-fold in just one year, hitting at least 136,000 users globally. A report on the ransomware threat landscape, conducted by Kaspersky Lab, also found that the majority of attacks are based on only four groups of malware. The report covers a full two-year period which, for reasons of comparison, has been divided into two parts of 12 months each: from April 2014 to March 2015, and April 2015 to March 2016. These particular timescales were chosen because they witnessed several significant changes in the mobile ransomware threat landscape.

Ransomware - a type of malware that blocks access to information on a victim’s device by locking the screen with a special window or encrypting important files, and then extorts money - is a widely recognized security problem today. But it is not only PC users who are in danger. The cyber-threat landscape for owners of Android-based devices is also being filled with ransomware, as is clearly visible in the key findings of the report.

Key findings:

• The number of users attacked with mobile ransomware increased almost four-fold: from 35,413 users in 2014-2015, to 136,532 users in 2015-2016.
• The share of users attacked with ransomware as a proportion of users attacked with any kind of Android malware also increased: from 2.04% in 2014-2015, to 4.63% in 2015-2016.
• Germany, Canada, the United Kingdom and the United States experienced a higher percentage of users attacked with Android ransomware than any other countries.
• Only four groups of malware were responsible for more than 90% of all attacks registered in the period. They are the Small, Fusob, Pletor and Svpeng malicious families.
• Unlike the threats facing PCs, where crypto-ransomware is skyrocketing while the number of users attacked with screen-blockers is decreasing, Android ransomware is mostly in the form of screen-blockers. This is due to the fact that Android-based devices can’t remove screen lockers with help of external hardware, making mobile screen blockers as effective as PC crypto-ransomware.

Although the actual number of users attacked with ransomware is lower and the rate of growth slower than that seen for PC ransomware, the situation with Android ransomware is still worrying. At the start of the comparison period, the monthly number of users who encountered this type of malware on Android devices was almost zero, but by the end it had reached nearly 30,000 attacked users per month. This clearly indicates that criminals are actively exploring alternative opportunities to the PC and show no signs of moving on.

“The extortion model is here to stay. Mobile ransomware emerged as a follow-up to PC ransomware and it is likely that it will be followed-up with malware targeting devices that are very different to a PC or a smartphone. These could be connected devices like smart watches, smart TVs, and other smart products including home and in-car entertainment systems. There are a few proof-of-concepts for some of these devices, and the appearance of actual malware targeting smart devices is only a question of time,” said Roman Unuchek, mobile security expert at Kaspersky Lab.

In order to protect yourself from mobile ransomware attacks, Kaspersky Lab advises the following measures:

• Restrict the installation of apps from sources other than official app stores.
• Use a reliable security solution capable of detecting malware and malicious web links.
• If installing apps from non-official sources is unavoidable, keep an eye on what permissions the app is requesting. Don’t install such apps without a security solution in place.
• Educate yourself and your relatives on the latest forms of malware propagation. This will help you to detect an attempted social-engineering attack.

Read the full report on Securelist.