Ransomware Attacks on Android & Infiltrated iOS on the Rise

Date: Tuesday, March 15, 2016

Headquartered in Helsinki, Finland, F-Secure is a global leader in security solutions that cut down security breaches and data threats for businesses in over 40 countries worldwide.

Are smartphones the most lucrative target for cyber criminals? The answer has to be a resounding 'YES', for multiple reasons. One, smartphone growth is booming, especially in emerging markets like India. A recent Ericsson report on mobility highlights that the total number of mobile subscriptions in Q1 2015 was around 7.2 billion, including 108 million new subscriptions. India grew the most (followed by China) in terms of net additions (+26 million) and mobile subscribers. Globally, smartphone subscriptions are set to more than double by 2020.

If you are a cybercriminal, you would undoubtedly be thrilled at the opportunity. You would also be thrilled that most smartphones do not have the same level of security as traditional PCs. Mobile devices are naturally the new frontier. Attacks that have proved successful on PCs are now being tested on unwitting mobile device users to see what works, and with the number of poorly protected mobile devices soaring, there are plenty of easy targets.

In the current scenario, threats that lock the user's data and/or device for payment are continuously growing. Ransomware is one such threat: it uses encryption or a similar mechanism to lock people out of their devices, and criminals use it to extort victims by keeping them locked out unless they pay a ransom. Virtual currencies are making ransomware a lot easier for criminals to use, and so more profitable and more useful for them. Surprisingly, ransomware developers have created safeguards to ensure their malware doesn't infect the same victims again after they have paid a ransom. For end users, ransomware is today the most prominent kind of digital threat.

While Google's Android operating system continues to be the favoured target for the majority of mobile malware, threats directed towards iOS do exist, though there are far fewer of them. This doesn't mean that iOS on Apple iPhones or iPads is immune. The number of documented vulnerabilities for iOS has increased significantly in the last couple of years. Coincidentally, both Android and iOS have recently experienced malware that has tried to attack banking applications and mobile wallets.

Malware such as premium-SMS-sending Trojans and ransomware continues to spread, making it a notable presence in today's digital threat landscape. 259 out of the total 574 known variants of the SmsSend family were identified in the latter half of 2014, making it the fastest growing family of mobile malware. SmsSend generates profits for criminals by infecting Android devices with a Trojan that sends SMS messages to premium-rate numbers.

Targeting the Android platform

Industry statistics suggest that a large share of the mobile device market is today occupied by the Android platform. This also means that Android-based devices inevitably attract the attention of cybercriminals who create and distribute malicious programs. Ransomware continues to plague mobile users, with the Koler and Slocker families of ransomware identified as the top threats to Android devices. Since their debut in the first half of 2014, the Koler and Slocker ransomware families have grown rapidly as their authors create new variants. These families are now the most prevalent Android ransomware.

Spreading via SMS messages, Android/Svpeng is a type of banking Trojan that displays a phishing page when the user launches a banking app, in order to capture account login details. Variants also act as ransomware, blocking the device and demanding payment of a 'fine' for alleged criminal activity. Security experts have also discovered a new Trojan, Simplelocker, which scrambles the files on memory cards in Android devices and demands a ransom to open them. This Trojan targets SD cards inserted into Android tablets and mobile phones, encrypts the files and demands payment in order to decrypt them.

For these and other reasons, it is safe to say that the vast majority of mobile cyber threats target Android.

Apple's iOS too on the radar

Apple's iOS is no longer a walled garden whose tough defenses no malware can penetrate. Although the percentage of malware is lower than on Android, cyber criminals today are trying to infiltrate the iOS platform as well, and they keep probing the edges of the iOS security envelope, looking for a way in.

Wirelurker is an example of a Trojan-spy that infects iOS devices connected via USB to infected OS X machines. Pirated apps containing Wirelurker are offered on third-party app sites for OS X machines. iOS devices connected via USB to the infected machine have apps downloaded onto them. In a proactive measure, Apple has now blocked Wirelurker-tainted apps in its store.

Remedial action

Organizations that employ real-time backup and frequently test their devices and environments typically survive a ransomware attack unscathed. For instance, they can simply wipe the infected device and restore the backed-up files.

The recommended remediation for recovering from a ransomware infection is to report the incident to the appropriate legal authorities and restore the affected files from a clean, recent backup onto a cleaned system. And while data backups ought to be regular and automatic, rigorous end-to-end encryption ought to be mandatory as well, since it can make most stolen data useless to extortionists.

But beyond backups and encryption, security has to be multilayered and requires an encompassing approach, including endpoint security, employee training, system updates, and others. Security should include not just traditional anti-virus, but also download protection, browser protection, heuristic technologies, a firewall and a community-sourced file reputation scoring system.