2016 brought some interesting developments to the Android ransomware scene Ransomware is currently one of the most pressing cybersecurity issues across all platforms, including the most popular mobile one.
Authors of lock-screen types as well as file-encrypting “crypto-ransomware” have used the past 12 months to copycat effective techniques from desktop malware, as well as develop their own sophisticated methods specialized for targets running Android devices.
In addition to the most prevalent scare tactics used by lock-screen “police ransomware”, cybercriminals have been putting an increased effort into keeping a low profile, by encrypting and burying the malicious payload deeper into the infected apps.
In 2015, ESET observed that the focus of Android ransomware operators shifted from Eastern European to US mobile users However, last year demonstrated a growing interest by the attackers in the Asian market, as evidenced by the Jisut lock-screen, which began using a localized Chinese ransom message This increased activity can also be seen in the growing prevalence of this now notorious malware family, doubling in the previous 12 months.
In the first part of this paper, we provide a definition of ransomware, take a look at ESET’s detection telemetry to see the current trend for this cyber threat, and analyze malware specifics that apply to ransomware on Android The main section details the most noteworthy Android ransomware examples since 2014 The final chapter offers advice to Android users