HKCert
Security Blog

Beware of "Ransomware" targeting mobile devices

Release Date: 29 / 09 / 2014
Last Update: 30 / 09 / 2014

Recently, security researchers discovered a new variant of "Encryption Ransomware" targeting mobile devices. Once the ransomware infects a device, it encrypts the files on it and then demands a ransom in exchange for the decryption key needed to recover the data.

 

Encryption Ransomware

 

In October 2013, a wave of "Encryption Ransomware", including CryptoLocker (Note 1), Bitcrypt, CryptoDefence (Note 2), CryptoWall, ZeroLocker, etc., infected around 625,000 PCs. The owner of each infected PC was extorted for a ransom of several hundred to several thousand HK dollars. In August 2014, SynoLocker (Note 3), a malicious file encryption attack targeting unpatched Synology Network Attached Storage (NAS) devices, was discovered. SynoLocker encrypted the files inside the NAS and then demanded that users pay for data recovery.

 

Ransomware going mobile

 

The first mobile ransomware was discovered in May 2014, targeting Android systems. The initial version only locked the device screen and demanded a ransom. Users could simply solve the problem by removing the ransomware app in Android Safe Mode (Note 4).

 

In July 2014, security researchers discovered that the latest version of mobile ransomware included an "encryption" feature. This ransomware disguised itself as a multimedia player app (see Figure 1) and lured users into installing it. After installation, the ransomware encrypted various types of files (see Figure 2) on the mobile device, such as photos, videos, and documents, so that the files could no longer be opened. Then, it extorted around US$300 from the user for the decryption key.

 

Figure 1. Ransomware disguised as a multimedia player

 

Figure 2. File types targeted in Encryption Ransomware

 

In general, users may not perform regular backups of their mobile devices. If a mobile device is infected by encryption ransomware, the user will lose valuable files, such as photos and videos.

 

HKCERT advises users to take the following measures to protect their data and reduce security risks on mobile devices.

 

1) Back up data on your mobile device regularly

On an iOS device, users can connect the device to iTunes on a PC and back up regularly.

On an Android device, users can manually back up data through a USB connection, or use the backup software provided by the phone manufacturer.

 

2) Do not install apps from unknown sources

Users should only download and install apps from the official app store. Do not install apps from unknown sources.

 

3) Install an anti-virus security app

On an Android device, users can install an anti-virus security app from the official app store.

 

4) Do not break the security of the device

On an iOS device, users should not try to "jailbreak" the device.

On an Android device, users should not try to break the device's security to gain "root" privilege.

 

For additional information about data protection on PCs, please refer to https://www.hkcert.org/my_url/guideline/08092303

Note 1: CryptoLocker [https://www.hkcert.org/my_url/blog/13101102]

Note 2: CryptoDefence [https://www.hkcert.org/my_url/blog/14041401]

Note 3: SynoLocker [https://www.hkcert.org/my_url/alert/14080601]

Note 4: Android Safe Mode [https://www.hkcert.org/my_url/blog/14012701]

 

 
