Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Threat Management, Threat Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Mobile Ransomware attack on the rise, report


The incidences of mobile ransomware has more than doubled in the two years and, while this still lags behind what is happening with PC ransomware, it is still a worrisome trend, according to a Kasperskly Lab report covering the previous 24 months.

Kaskpersky Lab's KSN Report: Mobile Ransomware 2014-2016 found that between 2015-16 4.63 percent of all malware taking place on mobile devices was ransomware, up from the 2.04 percent seen in 2014-15. When it comes to the sheer number of attacks the research firm noted that between April 2014 and March 2015 it had protected 35,413 users from mobile ransomware. This figured jumped to 136,532 users protected the following year.

The reason behind the growth of mobile ransomware is the simple fact that its victims pay the ransom, mainly because of the importance they place and inherent value they see in their devices. The reation of new crypto currencies makes it more worthwhile for criminals to target these devices because it is now easier than ever to pay the fee and this plays into why location plays a major role in who is being targeted.

Kaspersky said that during the first year of the report Americans were the favored targets, followed by those in Kazakhstan, Ukraine and Germany. However, a dramatic shift took place during the last 12 months with Germany, Canada and the UK hopping to the top of the list and pushing the United States down to fourth place, followed closely by Kazakhstan. The reason for this change is the first-world countries now at the top list have a more advanced mobile payment infrastructure that is accessible to more people creating a larger market that is better equipped to pay the ransoms.

“Criminals like to get as close to their victim's money as possible and attacking a user who can transfer the ransom in couple of taps or clicks is likely to have the most appeal,” the report said.

The report also found that the type of ransomware found in the mobile world differs greatly from what is found on the computer side. Instead of Locky, RAA or CryptXXX phones are hit with Pletor, Fusob, Svpeng and Small.

The criminals who develop and spread mobile ransomware are most likely comprised of small to medium-size groups of Russians who interact and cooperate through a series of affiliated networks. The smaller groups contain those individuals with the money and desire to steal, while the larger gangs tend to have the technical savvy to pull off an attack.

These gangs tend to function in similar fashion as American organized crime families with each part of the group sharing in the spoils.

“Through this business scheme, multiple affiliates receive a unique version of the malware from the owner of the affiliate network, and take charge of its distribution: spreading it through websites, spam and other ways of propagation. Every time a victim infected with such malware pays the ransom, the affiliate receives some cash from the owner of the network, who gets the lion's share of the ransom,” the report said.

Kaspersky's researchers were not optimistic about the future saying that mobile ransomware is here to stay in the same manner that the mobile version was a follow up to what is being done in the PC world, the bad guys will target the full spectrum of connected products that are now available, such as, smart watches and Smart TVs.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.