Ransomware masquerades as FBI, Android users in the crossfire

26 May 2015

Thousands of Android users have been targeted by ransomware that demands a $500 payment to restore access to their smartphone, according to Bitdefender, the anti-malware provider.

Posing as an Adobe Flash Player update, the malware is installed as an innocent-looking video player. However, when the user runs it, a fake error message is displayed purporting to come from the FBI.

After pressing ‘OK’ to continue, users see an ‘FBI warning’ and are unable to navigate away from the programme.

The device’s home screen then delivers a fake message telling users they have broken the law by visiting pornographic websites.

Hackers have also included screenshots of users’ purported browsing history in the malware to make the message more compelling, as well as claims to have screenshots of the victims’ faces and locations.

To restore access to the device, the hackers demand $500. If users try to ‘independently unlock’ their devices, the demand triples to $1,500.

Users are prompted to pay the fee by transferring money via Money Pak and PayPal My Cash.

Bitdefender detects this threat as ‘Android.Trojan.SLocker.DZ’, one of the most prevalent Android ransomware families.

According to Bitdefender’s internal telemetry, multiple versions of this malware family are available, bundled with spam messages originating from different .edu, .com, .org and .net domain servers.

More than 15,000 spam emails containing malicious .apk files have hit the inboxes of Android users in the last few days, including zipped files detected from servers located in Ukraine, says Bitdefender.

Safety recommendations for users

Unfortunately, there is not much users can do when they fall victim to ransomware, even if this particular strain does not encrypt the files on the infected terminal, says Bitdefender.

When a user is attacked by ransomware, the device’s home screen button and back functionalities are disabled.

Turning the device on and off doesn’t help either because the malware continues running when the operating system boots.

In certain circumstances, Android users can reclaim control of their devices. For instance, if Android Debug Bridge (ADB) is enabled on the infected device, they can uninstall the ransomware application from a connected computer rather than through the locked screen.

If supported by the mobile device, users can also start the terminal in Safe Boot, which allows the user to load a minimal Android configuration which prevents the malware from running. This approach can buy enough time to manually uninstall the malware.
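The ADB route described above, as an added example that is not part of the article or Bitdefender's own guidance: a small POSIX shell script that lists the sideloaded (non-system) packages on a connected device so the fake "video player" can be identified, and then removes the chosen package by name. It assumes USB debugging was already enabled before the infection, that the Android platform tools (`adb`) are installed on the host, and that the device is the only one connected; the package name in the usage comment is a placeholder, since the real one has to be read from the device's own package list.

```shell
#!/bin/sh
# Added example (not from the article): remove a screen-locking Android app over ADB.
# Assumes USB debugging is on, platform tools are installed, and one device is attached.
# ADB can be overridden (e.g. a full path to adb) through the environment.
ADB="${ADB:-adb}"

# `pm list packages` prints one line per package in the form "package:com.example.app".
# This filter keeps only the bare package names and drops anything else.
parse_package_list() {
    sed -n 's/^package:\(.*\)$/\1/p'
}

# Third-party (sideloaded or store-installed) packages only; system apps are excluded,
# which keeps the list short enough to spot an unfamiliar "video player".
list_third_party_packages() {
    "$ADB" shell pm list packages -3 | parse_package_list
}

# A package name is dotted Java-style identifiers. Checking it before handing it to adb
# means a stray line copied from device output cannot be passed through as a command.
is_package_name() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z][A-Za-z0-9_]*)+$'
}

# Uninstall one package; fails on an invalid name or when adb reports an error.
uninstall_package() {
    pkg="$1"
    is_package_name "$pkg" || { echo "refusing invalid package name: $pkg" >&2; return 1; }
    "$ADB" uninstall "$pkg"
}

# Usage: sh remove_locker.sh list                      (print sideloaded packages)
#        sh remove_locker.sh remove com.example.fakeplayer   (placeholder package name)
case "${1:-}" in
    list)   list_third_party_packages ;;
    remove) uninstall_package "$2" ;;
    *)      ;;   # no argument: only define the functions, so the file can be sourced
esac
```

The `list` step comes first on purpose: the locker's package name is whatever the dropper chose, so it has to be read from the device rather than guessed, and anything not recognised as a legitimately installed app is the candidate. If the device refuses the connection because USB debugging was never enabled, this route is closed and the Safe Boot approach above is the remaining option.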

Here’s a list of recommendations for users to avoid falling victim to ransomware:

  • Never install applications from untrusted sources. Android blocks the installation of applications from outside the Play Store by default, but there are instances when users are pushed to change this setting (e.g. when using third-party Android markets). If possible, leave the option in its default state.
  • Regularly back up your data in the cloud or on an external drive.
  • Use an anti-malware solution for your Android device and keep it constantly updated and able to perform active scanning.
  • Follow good internet practices; avoid questionable websites, links or attachments in emails from uncertain sources.
  • Use a filter to reduce the number of infected spam emails that reach your inbox.