Technologist - The FindLaw Legal Technology Blog

Ransomware Goes Mobile, Holds Phones Hostage for $300

In our younger days, viruses had one purpose: wreak havoc. The creators of worms, trojans, and other malware got little or nothing out of their creations, other than the enjoyment of causing a little death and destruction.

Ransomware was the big breakthrough. Though keyloggers and adware may have brought in a small amount of revenue, nothing has been quite as lucrative as the $5 million per year ransomware racket, where a virus locks down a computer, holding it hostage until a non-traceable payment of $300 is made to the hackers.

It gets worse: the biggest deal in malware just got bigger by making the mobile jump to Android, reports Ars Technica.

Like BitLocker

The true genius of desktop ransomware, specifically the more complex ransomware variants, is that it encrypts the entire PC, making recovery nearly impossible unless the ransom is paid. Whether you believe the fake FBI and law enforcement warnings or not, if you want your computer back, paying up is your best option.

One of the more notorious examples of this lockdown came last year, when an alleged pedophile walked into a police station with his locked computer. After inquiring about warrants in his name for child pornography, and consenting to a search of the PC, he was arrested for a slate of child pornography, solicitation, and indecent liberties charges.

But Weaker and Mobile

When ransomware went airborne and made it to Android, it didn't bring the encryption with it, at least so far. This variant locks down Android phones, putting a web browser-like window on top of everything else. The home screen can be accessed momentarily, but the ransomware reappears on a timer, making uninstallation nearly impossible.

On the bright side, if the device gets locked down, the mobile variant doesn't encrypt the underlying data, which should make removal of the virus easier for an expert -- think of this like a curtain over the phone, rather than a vault.

According to Ars, the ransomware screen detects the user's location and displays an appropriate fake FBI or law enforcement screen. A bounty of $300 gets the screen unlocked.

How do users get the virus? Pop-ups on adult websites tell users that a video plugin is needed; users download that "plugin," enable out-of-market third-party apps, and manually install the virus. A quick accidental installation is unlikely under the circumstances, so either the users have to be extremely gullible or the porn pop-ups extremely convincing.

Like the desktop variants, because of the embarrassing origin of the lockdown, and the message displayed (which mentions zoophilia/child pornography/rape), many users will pay up rather than seeking help.
