Cybercrime has not given up on ransomware just yet. In fact, it is expanding, with rival Eastern European criminal groups competing for market share in this segment. Here are three campaigns that are active at the moment:
1) Owners of Android devices need to pay attention. IT security company Check Point has warned about a new Simplocker variant that has locked tens of thousands of Android phones and tablets. Victims are told to pay between 200 and 500 dollars to regain access to their files. The infection is relatively easy to prevent: the malware is distributed only through unofficial download sites (not Google Play) and poses as "Flash Player".
If the user installs the app, they see a spoofed alert, purportedly from the NSA, demanding that a fine be paid within 48 hours; if it is not paid, the fine doubles. Users cannot easily remove the app, and even if they manage to, their files remain encrypted. Check Point's research showed that around 10% of victims paid the ransom, a far higher rate than for other strains.
Conclusion: Warn your users, friends and family to ONLY download apps from the Google Play store, and even those are sometimes malicious, so be very careful.
2) The Moore, Oklahoma school district was hit with ransomware on a shared Windows drive. "Once the virus was located the director of technology shut down every server," said Dustin Horstkoetter, Moore Public Schools. Many teachers are now forced to redo weeks of lesson plans. Experts say this type of malware is unfortunately becoming more prominent and profitable. "They are not really after stealing your data. They are there to make revenue," said Mark Gower, Oklahoma's chief information security officer.
End users need effective security awareness training to prevent infections like this.
3) A new adult-themed strain of Android ransomware uses a photo of the victim to pressure them into paying a $500 fine. The variant presents itself as a porn app. Once the user installs it and grants it device administrator rights, the code covertly takes a picture of the user and displays it alongside the extortion demand.
The on-screen demand shows the user's country, IP address, ISP and device details, together with a notice that a crime has been committed and that a fine must be paid to regain access to the device.
The ransomware stays active even after the device is restarted, until the fine is paid. There is, however, a way around it: restart the device in safe mode (which stops third-party apps from running), remove administrator rights from the app under Settings > Security > Device administrators, and then uninstall it. The order matters, because Android refuses to uninstall an app while it is still an active device administrator.
Prevention: To avoid falling victim to such ransomware, download apps only from trusted app stores such as Google Play. On Android 7 and earlier this can be enforced by unchecking "Unknown sources" under the device's "Security" settings; on Android 8 and later the control is per app ("Install unknown apps"), so each app that is allowed to sideload has to be granted that permission individually.
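The removal procedure and the "Unknown Sources" check above can be turned into a small triage helper for a support desk. The script below is an added example, not code from the article or from Check Point: it parses the output of `adb shell dumpsys device_policy` to list every app holding device-administrator rights (the privilege the locker relies on to survive reboots and block uninstall), filters out platform components, and prints the removal steps in the order the article gives. The dumpsys text is a constructed sample that mimics the real layout, and the package name com.fake.flashplayer is a hypothetical name for a locker posing as Flash Player; on a real device you would feed it `adb shell dumpsys device_policy` and `adb shell settings get secure install_non_market_apps` instead.

```shell
#!/bin/sh
# Added example (not from the article): offline triage of device-admin
# ransomware using the output of `adb shell dumpsys device_policy`.
# SAMPLE_DUMPSYS is a constructed sample approximating the real layout;
# com.fake.flashplayer is a hypothetical package name.

SAMPLE_DUMPSYS='Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    com.android.settings/.DeviceAdminReceiver:
      uid=1000
      policies:
        reset-password
    com.fake.flashplayer/.LockerAdmin:
      uid=10123
      policies:
        force-lock
        wipe-data
  Password expiration: 0'

# Print the ComponentName of every enabled device admin, one per line.
# Admin entries sit four spaces deep under the "Enabled Device Admins"
# heading and end with a colon; the next two-space heading closes the section.
list_admins() {
  printf '%s\n' "$1" | awk '
    /Enabled Device Admins/           { in_section = 1; next }
    in_section && /^  [^ ]/           { in_section = 0 }
    in_section && /^    [^ ].*\/.*:$/ {
      name = $1
      sub(/:$/, "", name)
      print name
    }
  '
}

# Keep only admins whose package is not part of the platform (com.android.*
# or com.google.*); whatever is left is a candidate for manual review.
suspicious_admins() {
  list_admins "$1" | grep -v -e '^com\.android\.' -e '^com\.google\.'
}

# Return success when the "Unknown sources" value means sideloading is on.
# `adb shell settings get secure install_non_market_apps` prints 1 or 0 on
# Android 7 and earlier; on Android 8+ the switch is per app, so this is
# only a first indicator there.
sideloading_enabled() {
  [ "$1" = "1" ]
}

# Emit the removal steps for one admin component, in the article's order:
# safe mode first, revoke admin rights, then uninstall. Revoking admin rights
# is done in Settings; only the final uninstall is an adb command, and it
# fails while the app is still an active administrator.
removal_steps() {
  comp="$1"
  pkg="${comp%%/*}"
  printf '1. Reboot into safe mode (hold Power, then long-press "Power off").\n'
  printf '2. Settings > Security > Device administrators: deactivate %s\n' "$comp"
  printf '3. adb uninstall %s\n' "$pkg"
}

# Stand-alone run over the constructed sample: sh triage.sh --demo
if [ "${1:-}" = "--demo" ]; then
  echo "Third-party device admins:"
  suspicious_admins "$SAMPLE_DUMPSYS"
  suspicious_admins "$SAMPLE_DUMPSYS" | while read -r comp; do
    removal_steps "$comp"
  done
  if sideloading_enabled 1; then
    echo "Unknown sources is enabled: sideloading possible"
  fi
fi
```

Run with `--demo` to see the flagged component and its removal steps; in practice replace `SAMPLE_DUMPSYS` with the live `dumpsys device_policy` output and pass the value of `install_non_market_apps` to `sideloading_enabled`.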
These examples make it clear that all your employees need effective security awareness training to stop social engineering attacks like these from getting through.