Kiwis warned to watch out for mobile ransomware

31 Jul 2014

Mobile device users are being warned to be vigilant for mobile ransomware, with reports of a steady increase in the malicious software in recent months.

Security company Fortinet says ransomware threats have been 'big' on mobile phones this year, from the emergence of the first variant targeting iOS devices to the first Android variant that encrypts phone data.

Ransomware is a type of malware that restricts usage of an infected device, demanding payment in order for the device to be freed again.

This week a ransomware campaign using the Koler malware reportedly hit thousands of Android users worldwide, displaying a phony law enforcement message and demanding up to US$300 to unlock the device.

Ruchna Nigam, Fortinet FortiGuard Labs security researcher, says hackers have found a new lucrative target in mobile handsets.

“The public needs to become more security-aware, and take more measures to prevent their handsets from becoming conduits of monetary and information loss.”

Nigam's top tips to guard against mobile ransomware are:

* Have a functional antivirus software on your phone. This should prevent or at least warn against installation of infected applications.

* Always install applications from trusted sources and developers. If in doubt, user comments can help gauge the legitimacy of an application.

* iPhone and iPad users should activate and set passcodes on their device. This forces the use of that passcode while activating the Find My iPhone feature, thereby rendering the iCloud 'Oleg Pliss' ransomware attack ineffective.

Fortinet highlighted four mobile ransomware threats it has detected recently.

Simplocker, discovered in June, comes in the form of trojanised applications, such as a flash player.

Fortinet says this is the first 'real' ransomware seen on Android, in the sense that it actually encrypts files on the phone with extensions like jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi and mp4.

Even after uninstallation of the application in safe mode, files need to be decrypted to be read.

Cryptolocker for mobile, discovered in May, disguises itself as a fake BaDoink video downloader application. The malware doesn't cause any damage to the phone data, but does display a locked screen claiming to originate from local police and customised to the geo-location of the end user.

The locked screen is relaunched every five seconds, making phone operation near impossible without uninstalling the malware.

iCloud 'Oleg Pliss', also discovered in May, accounted for the first reported cases of ransomware for Apple devices.

Fortinet says these incidents can't be attributed to a particular piece of malware, but to compromised iCloud accounts in combination with social engineering.

“The attackers were believed to have exploited Apple’s Find My iPhone, iPad, and Mac feature along with recycled passwords leaked from password breaches.”

The attack doesn’t work if the device already has a passcode (phone lock) set. The malware can potentially leak calendar and contact information, and allow the attacker to delete all information on the phone.

FakeDefend, discovered in July 2013, comes disguised as a fake antivirus application, prompting end users to pay for a full subscription after performing a fake scan and showing a list of hardcoded 'infections'.

“If the [Android] user decides to pay, the credit card details entered are leaked to the attacker's server in plain text. These captured credit card details may be used for rogue transactions later.”
