Report: Mobile ransomware use on the rise

Malware will lock users out of their devices then demand money transfer to regain access

WASHINGTON – How much would you pay to have your smartphone released if it were hijacked? It sounds like a joke, but according to the Cisco 2015 Midyear Security Report, the use of mobile ransomware is on the rise.

“In today’s flourishing malware economy, cryptocurrencies like bitcoin and anonymization networks such as Tor are making it even easier for miscreants to enter the malware market and quickly begin generating revenue,” the report states.

Somewhat more worrisome, the report also notes: “To become even more profitable while continuing to avoid detection, operators of crimeware, like ransomware, are hiring and funding their own professional development teams to create new variants and tactics.”

Ransomware is malware that allows criminals to remotely lock users out of their phones, then demand money – usually in the form of untraceable wire transfers, money orders or bitcoins – to release the device.

While the amount can vary, the report authors wrote, “The ransom demanded is not exorbitant. Usually, a payment between $300 and $500 is required. Why such a modest fee? Adversaries who deploy ransomware have done their market research to determine the ideal price point. The idea is that the ransom is not set so high that a user won’t pay it or, worse, that it will motivate the user to contact law enforcement. Instead the ransom is more of a nuisance fee, and users are paying up.”

Recently the BBC reported on a case of ransomware. Adult Player, an app that supposedly offered free pornography, turned out to be a trap. The app locked users out of their device, took their picture and threatened to expose them unless the attackers were paid a $500 fee.

“One of the reasons for the increase is that it’s very easy to make,” said Raj Samani, CTO for Intel Security in Europe. “There are people you can pay to do the work for you, and it pays really well. One group we tracked made more than $75,000 in 10 weeks. Apps like this rely on the embarrassment factor. If you don’t pay, your reputation is on the line.”

Cisco cautioned users to “protect themselves from ransomware by backing up their most valuable files and keeping them isolated, or ‘air gapped’ from the network. Users should also realize that their system could be at risk even after they pay a ransom and decrypt their files. Almost all ransomware is multi-vector. The malware may have been dropped by another piece of malware, which means the initial infection vector must still be resolved before the system can be considered clean.”

The most effective way to avoid ransomware is to stick to trusted Internet channels and mobile app stores. The Cisco report observed that “nearly all ransomware-related transactions are carried out through the anonymous Web network Tor. Adversaries keep the risk of detection low, and profitability high, by using channels like Tor and the Invisible Internet Project.”

ABOUT AUTHOR

Jeff Hawn
Jeff Hawn was born in 1991 and represents the “millennial generation,” the people who have spent their entire lives wired and wireless. His adult life has revolved around cellphones, the Internet, video chat and Google. Hawn has a degree in international relations from American University, and has lived and traveled extensively throughout Europe and Russia. He represents the most valuable, but most discerning, market for wireless companies: the people who have never lived without their products, but are fickle and flighty in their loyalty to one company or product. He’ll be sharing his views – and to a certain extent the views of his generation – with RCR Wireless News readers, hoping to bridge the generational divide and let the decision makers know what’s on the mind of this demographic.