Google doesn’t exactly keep its security enhancements and victories a secret, especially when those enhancements concern Android. The Android operating system is constantly being upgraded so that it can defeat any and all threats and attacks by malicious apps.
At the Kaspersky Lab Security Analyst Summit, the company recently revealed how it managed to reduce ransomware attacks on Android. Its ‘cure’ is a mix of deprecated APIs and rollbacks of some functionality that isn’t popular anymore but can still be used as a weak point.
Google’s strategy was to hunt down over 30 different ransomware families that are known to attack the Android system, and in doing so the company collected over 50,000 samples. Those samples were then observed and studied to discover the patterns in their behavior. The point of the process is to adjust Android so that it becomes safe from the malware. To breach the new Android security, new malware would have to be developed, and the need to do so raises the cost of development. Basically, the more development costs, the fewer variations of malware will be created.
Adjustments to Android were made by studying malware, figuring out what it does and how it does it, and there were even some unplanned adjustments that were inspired by the malware that was inserted.
Ransomware for smartphones is rare, since most ransomware was developed from malware built to infect and encrypt the contents of a Windows desktop. Windows ransomware, on the other hand, has come quite a way in its evolution and development. It’s now able to encrypt data on a local hard drive, as well as folders and files on shared network drives and network-attached storage, just in case there was a backup.
In the mobile world, most ransomware attacked older versions of Android whose security isn’t updated anymore. One of these threats was noticed last year, and its usual practice was to lock the device’s home screen and demand an Apple iTunes gift card. If the card was provided, the decryption key for unlocking the phone would be delivered.
Android security team malware analyst Elena Kovakina has stated that “The really amazing thing about ransomware is that it flies in the face of some principles of Android security. In Android, we have a good idea of what apps should and shouldn’t be doing. Apps cannot interfere with the normal behavior of other apps or the device itself. With ransomware, that’s its most notorious feature. Apps, also, cannot damage the device or data. Ransomware does that by encrypting it. Apps should also be able to be uninstalled. Ransomware prevents this.”
She also said that Google’s priority was to counter some of the evolving ransomware threats that were recently noticed, and that this was done by deprecating certain APIs. Basically, some of the apps that could be potentially dangerous got an uninstall option in case a certain type of behavior appears.
She said that Android O was also improved, and the goal is to make it invulnerable to ransomware. For those who use older versions, Google is working on updating VerifyApps, which will now have a malware scanner that can block ransomware installation instead of just reporting its presence.