
If you need any more evidence that ransomware has become a major problem, just look at how online criminals are busily developing attacks against platforms other than Windows.

Yes, Windows continues to be the operating system most commonly targeted with ransomware threats – but malware that attempts to extort money out of you is also being actively developed for Android, OS X, and Linux.

A new study published by Kaspersky has found that, although it rarely makes as many headlines as its PC-based cousins, encounters with Android ransomware have “skyrocketed” in the last year.

The number of users encountering mobile ransomware at least once in the period April 2014 to March 2016. Source: Kaspersky

“From April 2014 to March 2015, Kaspersky Lab security solutions for Android protected 35,413 users from mobile ransomware. A year later the number had increased almost four-fold to 136,532 users.”

Most of the affected users are reported to be based in the United States, followed by Germany, Canada, and the UK.

What we aren’t told, unfortunately, is whether this increase in mobile users coming into contact with Android ransomware is due to Kaspersky recording a rise in its user numbers, or because of an improvement in its detection capabilities.

But other statistics shared by the security researchers show that it is becoming more common to be threatened by Android ransomware compared to other types of malware on the platform:

“The share of users attacked with ransomware as a proportion of users attacked with any kind of malware also increased: from 2.04% in 2014-2015 to 4.63% in 2015-2016. The growth curve may be less than that seen for PC ransomware, but it is still significant enough to confirm a worrying trend.”

I think the researchers’ description of this as a “worrying trend” is correct, although not a surprising one.

It makes sense to believe that online criminals have determined that ransomware is one of the best ways to make money through Android malware.

After all, many Android users may have no anti-virus defences in place to protect their devices, and the incentive to pay up to recover access to – say – your precious collection of family photographs is considerable.

The researchers also note that the Fusob family of ransomware (also sometimes known as Cyber Police), which locks users’ devices and demands a fine be paid, is responsible for over half of all reported attacks, having overtaken the Small ransomware family.

The distribution of the share of attacked users between the most active mobile ransomware families in 2015-2016. Source: Kaspersky

One big difference between PC and Android ransomware is that Android attacks are typically designed to block access to the phone – by displaying a lock screen demanding payment – rather than encrypting files. This is because of the barriers in place in the Android operating system, preventing third-party apps from accessing users’ files.

Nonetheless, all indications suggest that lock screen ransomware remains effective as a form of extortion in many cases.

CyberPolice lock screen

Looking forward, it’s not just mobile phones and tablets which are at risk from Android-based ransomware. Other IoT devices running the Android operating system, such as Smart TVs, may increasingly become victims of ransomware attacks.

The sad truth is that ransomware isn’t going away. While it continues to generate considerable amounts of money for online criminals, the attacks will continue. The best defence for Android users remains to be extremely cautious of installing apps from third-party sites, to back up their important data, and to consider running a security solution on their devices.


Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.