Ransomware a Growing Threat on Mobile Phones, Security Firms Say

With telecommunications firms taking a stronger stance against toll fraud, attackers will likely turn to ransomware to monetize compromised devices, security firms assert.

In 2013, ransomware grew to become a significant threat for computer users, as cyber-criminals refined their tactics aimed at turning compromised computers into cash.

Like many other trends, ransomware appears to be going mobile, according to security firms. The group behind the Reveton ransomware program, for example, has ported the malware to Android, distributing it through pornography sites where it is disguised as a video player, according to application-security firm BitDefender.

Dozens of ransomware programs have already targeted Android phones in Asia, and evidence of similar attacks in the United States shows that the trend will continue, security firm Appthority stated on May 13.

"We started seeing ransomware on mobile devices in late 2012—mostly in Japan," Domingo Guerra, co-founder and president of Appthority, told eWEEK. "We thought they were isolated incidents, but since we have seen it in the U.S., we believe this could be the next step in the monetization of mobile devices."

Ransomware has become a much more serious threat as attackers have improved their techniques for disabling a victim's PC. Initially, attackers focused on the digital equivalent of a protection racket, claiming that a victim's computer had been infected with malicious software and that their security software could remove the threat.

Later, cyber-criminals focused on preventing the victim from using the PC until they paid the ransom—initially by using a program that wrested control of the operating system from the user and eventually by encrypting the important data on the system.

The most successful program, CryptoLocker, made at least hundreds of thousands of dollars—and likely millions—for the group that created it. One copycat program released earlier this year is estimated to have earned its cyber-criminal operators more than $30,000 in a month.

The attackers' strategy will likely change again with the move to mobile platforms. Mobile devices are home to sensitive and private information that could be used to embarrass or shame individuals, making it more likely that victims will pay a ransom.

"They could go through your address book and tell all your friends and coworkers that you were surfing porn," Guerra said. "They could look through your pictures and videos on the phone and threaten to do something with them, unless you paid."

Because mobile phones are also portable sensors, attackers could record video and audio, and perhaps use that information for ransom, he said.

For companies, the trend could be even more serious, as the phones could be used to access business data or to spy on business operations behind the firewall.

Currently, however, mobile malware is rudimentary. The Reveton variant, for example, claims to encrypt the data on an infected device, but the threat is a sham, according to BitDefender.

"Although the message claims the stored data is encrypted, the application does not have the permissions it needs to touch files," the company said in its posted analysis. "It's a lie to push users into paying the $300 ransom."

Editor's Note: The industry started seeing ransomware in late 2012, not late 2013, as previously reported.

Robert Lemos

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...