Meet ransomware’s equally shady cousin

Mobile ransomware

Ransomware has been grabbing headlines this year through attacks on high-profile targets such as hospitals and major retailers. And while most of the prominent ransomware attacks have come through PCs, ransomware files targeting mobile devices have increased dramatically this year.

Data from the Kaspersky Lab Malware Report for the first quarter shows that 218,625 mobile Trojan-Ransomware installation packages were detected by the security firm, more than three times the 61,832 packages detected in Q4 2016, and even more than the 182,025 ransomware installation packages identified from Q2 through Q4 of last year.

One of the most recent examples of mobile ransomware is LeakerLocker, which targets Android devices. Discovered by cybersecurity vendor McAfee, LeakerLocker would best be characterized as extortionware. Here’s the difference, according to TechTarget contributor and Internet2 security expert Nick Lewis:

Extortionware is when a cybercriminal threatens a person or organization with some sort of harm by exposing personal or sensitive information. For example, a criminal could compromise a database with sensitive data and then tell the enterprise she will post the sensitive data on the Internet if her demands aren’t met.

Ransomware is when a cybercriminal takes something from a person or organization and tells the victim she will not return what was taken unless her demands are met. For example, a criminal could break into a sensitive database, copy the database to a location only the criminal can access and then delete or modify the data.

The latter is how ransomware usually works: Data is encrypted and kept by perpetrators until money (often in bitcoin) is paid by the victims. In worst-case scenarios, victims are told they’ll be given a key to decrypt their data but never get it (or their data), even after paying the ransom.

LeakerLocker fits the extortionware description because it “extorts a payment to prevent the attacker from spreading a victim’s private information,” McAfee explains. “LeakerLocker claims to have made an unauthorized backup of a phone’s sensitive information that could be leaked to a user’s contacts unless it receives ‘a modest ransom.’”

The extortionware currently is hiding inside two applications on Google Play: Wallpapers Blur HD and Booster & Cleaner Pro. (At least the enterprise workers who downloaded these apps didn’t get them from some sketchy third-party site, so that’s a modest plus.)

For mobile users whose devices contain enterprise data, extortionware theoretically could be used to shake them down for money under the threat of releasing proprietary information either to the general public or specific competitors. And while that might not be as bad to device owners as their mothers seeing their drunk or otherwise embarrassing selfies, enterprise security managers and business executives likely would have an entirely different perspective.

Have any of your mobile employees been hit with ransomware or extortionware?
