Security Blog

Mobile devices already affected by Ransomware

This is probably a horror scenario that every computer user can relate to. Imagine that because of a Trojan your entire computer is blocked, all of your personal and financial data has been encrypted and only by paying a ransom, the computer will be unlocked again. This is the effect of the so-called “Police Trojan”, among experts also known as “Ransomware”, which was the fate of numerous users.

Security: Do not allow installation of apps from unknown sources

Newest findings show that not only PCs can be affected as once presumed, but also mobile devices can be the victim of these attacks. “The latest analysis for Android Malware leaves us without a doubt that these attacks can soon occur on smartphones and tablets. The findings are becoming more and more likely”, explains Sebastian Bachmann, Android Security Specialist at IKARUS Security Software. A Proof of Concept developed by local specialist’s show how easy it is to lock someone’s device. The most shocking part of the whole situation is that the infection of a mobile device isn’t a particularly sophisticated developed App, the standard features that are offered by every Android Device are enough to do this. Once the device is infected, the user has only two options. Either guess the required password to unlock the device (which is unlikely) or to pay the demand ransom (which does not guarantee the device will be unlocked). If the user does not want to pay the ransom, they are left with the “last chance” option of restoring the device and losing all of the data. The best case is that some or all of the data has been backed up and can be restored. As if that was not enough, you cannot disregard that the attacker (at the start of the infection) had full access to the device and all of its contents. Information cannot only be deleted, but also given to third parties. Sebastian Bachmann from IKARUS recommends that the setting to download Apps via unknown sources to the device should be disabled (see screenshot) and Apps should only be installed via Google Play. In each case, you have to avoid installing Apps through an untrustworthy source (E.g. File-sharing sites, e-mail, NFC, QR codes, amongst others).“Through the increased usage of wireless technologies like NFC for payments, QR codes, Bluetooth or Wi-Fi, the chances of experiencing attacks of this kind naturally rise because links and even Apps can be easily transferred to the mobile device”, warns the Android Expert.


For a better understanding, Android Security Expert, Sebastian Bachmann, simulated a Ransomware attack on an Android mobile device in our "Malware of tomorrow: Android ransomware" video

While our experts in the IKARUS laboratory were analysing various attack scenarios, our Android scan engine was able to detect the first Ransomware malware sample of this kind. It functions just like the long-running Police trojan which attacks Computers and does not allow access to data, apps and other features. See an insight into Ransomware on Android devices, how it affects the user and the device functionality with this short video:

© 2019 IKARUS Security Software GmbH