Kiwis warned to watch out for mobile ransomware

31 Jul 14

Mobile device users are being warned to be vigilant for mobile ransomware, with reports of a steady increase in the malicious software in recent months.

Security company Fortinet says ransomware threats have been 'big' on mobile phones this year, from the emergence of the first variant targeting iOS devices to the first Android variant that encrypts phone data.

Ransomware is a type of malware that restricts usage of an infected device, demanding payment in order for the device to be freed again.

This week a ransomware campaign using the Koler malware reportedly hit thousands of Android users worldwide, displaying a phony law enforcement message and demanding up to US$300 to unlock the device.

Ruchna Nigam, Fortinet FortiGuard Labs security researcher, says hackers have found a new lucrative target in mobile handsets.

“The public needs to become more security-aware, and take more measures to prevent their handsets from becoming conduits of monetary and information loss.”

Nigam's top tips to guard against mobile ransomware are:

* Have functional antivirus software on your phone. This should prevent or at least warn against installation of infected applications.

* Always install applications from trusted sources and developers. If in doubt, user comments can help gauge the legitimacy of an application.

* iPhone and iPad users should activate and set passcodes on their device. This forces the use of that passcode while activating the Find My iPhone feature, thereby rendering the iCloud 'Oleg Pliss' ransomware attack ineffective.

Fortinet highlighted four pieces of mobile ransomware it has detected recently.

Simplocker, discovered in June, comes in the form of trojanised applications, such as a flash player.

Fortinet says this is the first 'real' ransomware seen on Android, in the sense that it actually encrypts files on the phone with extensions like jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi and mp4.

Even after uninstallation of the application in safe mode, files need to be decrypted to be read.

Cryptolocker for mobile, discovered in May, disguises itself as a fake BaDoink video downloader application. The malware doesn't cause any damage to the phone data, but does display a locked screen claiming to originate from local police and customised to the geo-location of the end user.

The locked screen is relaunched every five seconds, making phone operation near impossible without uninstalling the malware.

iCloud 'Oleg Pliss', also discovered in May, accounted for the first reported cases of ransomware for Apple devices.

Fortinet says these incidents can't be attributed to a particular piece of malware, but to compromised iCloud accounts in combination with social engineering.

“The attackers were believed to have exploited Apple’s Find My iPhone, iPad, and Mac feature along with recycled passwords leaked from password breaches.”

The attack doesn’t work if the device already has a passcode (phone lock) set. The malware can potentially leak calendar and contact information, and allow the attacker to delete all information on the phone.

FakeDefend, discovered in July 2013, comes disguised as a fake antivirus application, prompting end users to pay for a full subscription after performing a fake scan and showing a list of hardcoded 'infections'.

“If the [Android] user decides to pay, the credit card details entered are leaked to the attacker's server in plain text. These captured credit card details may be used for rogue transactions later.”
