Android users are not immune to such threats either. After producing the first file-encrypting ransomware program for Android, the creators of Simplocker became the laughingstock of the anti-malware industry when it was discovered that they used the same hardcoded encryption key on all infected devices, making it easy to recover the affected files.
But they're now back, researchers from antivirus firm Avast Software warn. And they've unfortunately corrected their error, with a new, more sophisticated variant of Simplocker that infected more than 5,000 unique users within days of being discovered.
"The reason why this variant is more dangerous than its predecessor is that it generates unique keys for each infected device, making it harder to decrypt infected devices," Avast researcher Nikolaos Chrysaidos said in a blog post Tuesday.
Simplocker is distributed through rogue ads on shady websites that tell users they need Flash Player to watch videos. The Flash Player app served by those ads is actually Simplocker.
By default, Android blocks the installation of apps that are not downloaded from Google Play. However, attackers often use social engineering to convince users to disable this protection and allow the installation of apps from unknown sources.
Once Simplocker is installed, it displays a fake message that claims to be from the FBI and alerts victims that illegal pornographic material was detected on their devices. The message demands that victims pay $200 to have their phones unlocked.
Security researchers advise against paying such ransoms to cybercriminals, because there's no guarantee of getting the decryption key and because it encourages them to continue their scheme. However, there are many publicly reported cases of users, companies and even government organizations who gave in to the extortion and paid to recover their critical files.
Because of this, it's important to establish a backup routine. Files should be backed up to drives or network shares that are only temporarily connected to the computer or that require a username and password to be accessed. That's because ransomware programs will also encrypt files from folders accessible over the network if they can write to them.