ESET Research @ Mobile World Congress: The Rise of Android Ransomware

Next story

ESET®, the pioneer of proactive protection, released its white paper “The Rise of Android Ransomware” today.  The report tracks the developing trend of this especially insidious malware. Whether via encryption capabilities (as discovered by ESET in 2014 with Simplocker), with PIN locking capabilities (as LockerPin discovered by ESET in 2015) or simply lockscreen ability, this type of malware increasingly endangers Android users and continues in keeping our researchers busy. This ESET research paper, published ahead of the Mobile World Congress in Barcelona, addresses this topic. ESET will be located in Hall 5, Booth B05. The largest expo for the mobile industry starts on February 22 in Barcelona, Spain.
As the authors of the paper – ESET researchers Robert Lipovsky, Lukas Stefanko and Gabriel Branisa – conclude, ransomware is a growing problem for users of mobile devices. Lock-screen types and file-encrypting “crypto-ransomware”, both of which have been causing major financial and data losses for many years, have made their way to the Android platform. Like other types of Android malware – SMS trojans, for example – ransomware threats have been evolving over the past few years and malware writers have been adopting many of the same techniques that have proven to be effective in regular desktop malware.
Both on Windows and on Android, lock-screens are nowadays usually of the “police ransomware” kind, trying to scare the victims into paying up after (falsely) accusing them of harvesting illegal content on their devices. Likewise, as with the infamous Windows Cryptolocker ransomware family, crypto-ransomware on Android started using strong cryptography, which meant that affected users had no practical way of regaining the hijacked files. And because everyday data, such as photos, for example, are now kept on smartphones rather than PCs by so many people, the threat of losing this data is now greater than ever.
One interesting observation that we have made is that the attackers’ center of focus is no longer only Eastern European countries. A number of recent families, such as Android/Simplocker and Android/Lockerpin, for example, have been targeting victims mostly in the USA. 
The graph below shows the increasing trend in Android ransomware detections since April 2014, with the trend reaching a peak of detections in August and September 2015, as recorded by ESET LiveGrid® telemetry.
Android Ransomware Trend (April 2014 – January 2016)