Two Malware Families Responsible for the Rise in Mobile Ransomware

Two Malware Families Responsible for the Rise in Mobile Ransomware

The dangers related to mobile malware, and especially ransomware, have grown in number for 3.5 times in the first quarter of this year. This increase was noticed when the number of attacks was compared to the situation in the first quarter of 2016, which is quite alarming.

Most of the attacks were made by 250,000 different Trojan installation packages. They are still targeting Android users, and are trying to extort whatever they can. They mostly demand somewhere between $100 and $500.

The most targeted were Android users from Germany, but lately, the US citizens are becoming targeted more often than before, too. Most of these reports were published by Kaspersky Lab.

In the last several years. the mobile ransomware attacks were not as often in the first quarter of a year. In fact, in both 2015 and 2016, the ransomware attacks dropped down for around 4.6%. Now, in 2017, this sudden increase is pretty much an anomaly.

The Kaspersky Lab’s report observed the decrease during the previous two years. Their suggestion was that the decrease was made because of successful collaborations between security vendors, law agencies, and other actors that helped improve the situation. Now, this 2017-spike alters the score. It is believed that the Svpeng ransomware family is responsible, especially since it grew up to three times bigger than it used to be.

PC and mobile ransomware are different. On PC, ransomware will get to your computer via phishing attacks or exploit kits, while mobile ransomware travels around on malicious apps. Also, sometimes, fake video players for adult content can carry it as well. It asks for an Adobe Flash Player update or download, which is how they get to you.

This ransomware doesn’t use your system’s vulnerabilities. Instead, it will try to trick you into downloading it yourself. Especially vulnerable are older Android models since they have even fewer security features than the new ones.

Another malware family, Fusob, is also suspected of dominating the ransomware space. Svpeng and Fusob are the biggest threats, and Kaspersky Lab’s researchers suspect Fusob of being responsible for the bulk of ransomware activity. It mostly tries to make itself look like a multimedia player, and it blocks your phone when you download it. It then demands $100-$200 in return for the release key.

As for Svpeng, it was found by Kaspersky Lab in 2013. Back then, it was identified as a banking Trojan, but in the last four years, it became a fully modified and capable ransomware. It even got promoted via SMS-based engineering campaigns. When you download it, it pretends to scan your phone, and then displays an FBI penalty notification. It says that you have illegal content and that you must pay $200 for unlocking the device again.

It is mostly attacking Germany, Canada, the UK, and the US. What this all means is that the majority of malware attacks lie with only a few different malicious programs.

PC ransomware situation is bad as well, and the number of ransomware went up for 11.4%. A rise in targeted ransomware attacks was noticed as well. Kaspersky’s report also says that ransomware is becoming more and more sophisticated, and it offers more and more to hackers with lesser skill, less time, and fewer resources.

The one good thing that might come out of this is the increase in anti-ransomware projects. The more threats appear, the more solutions are needed, which means that the safety gets automatically increased.