Everybody is talking about ransomware and Windows security loopholes after the deadly extortion attack last Friday. But what about the 800 million Android users worldwide? Are Android users vulnerable to any kind of Android ransomware (malware) attack?
Yes, just like Windows OS, Android is also vulnerable to malware attacks, especially ransomware attacks. In fact, researchers rank ransomware the number one mobile malware risk for 2016-17.
Our dependence on smartphones is increasing day by day, thanks to advances in smartphone technology. The latest smartphones meet our technological needs with ease. Nowadays, if you have a recent smartphone, you probably do not need a PC or laptop. From email to social networking to financial transactions to online purchases, everything runs smoothly from a smart device. Keeping that in mind, cybercriminals have shifted their focus to smartphone users, especially Android users. As you can imagine, ransomware has become a big business for cybercriminals, and this ugly trend is expected to become a more serious problem in the future.
How does ransomware work on an Android device?
Installing apps from third-party sources exposes an Android device to security vulnerabilities. Most victims of ransomware are people who do not mind installing apps from third-party sources. Cybercriminals trick victims by asking them to install a certain video player or Flash player to watch some interesting video. Some victims are lured by the promise of free pirated APK files of paid games or other paid apps.
Once the ransomware is installed on the Android device, it does one of the following two things:
It locks the device’s screen (Lock-Screen Ransomware)
Commonly, this kind of ransomware is coded by inexperienced and unprofessional script kiddies. It locks the device’s screen and does not allow the victim to use, reboot or shut down the device. Generally, in this kind of attack the victim’s personal files are not encrypted. Most of the time you can recover your personal files by rebooting your device in safe mode. To reboot your Android device in safe mode, press and hold your device’s power button for a few seconds until the Android OS prompts you to turn off your device. Next, tap and hold Power off for a few seconds until your phone asks you to confirm that you want to enter safe mode. In safe mode you can also uninstall the malicious app. But it is not always that easy. Sometimes your Android device does not reboot at all and you end up losing your personal files. One instance of this kind of ransomware is “Jiust”. Jiust was a localized ransomware that targeted Chinese Android users.
It encrypts victim’s personal files (Crypto-ransomware)
This kind of ransomware causes more serious damage, because it encrypts the victim’s personal files and on most occasions the victim loses them. Even meeting the cybercriminals’ demand does not guarantee recovery of the files. Crypto-ransomware is capable of encrypting personal files both in your device’s memory and on the SD card. It uses the AES (Advanced Encryption Standard) algorithm to encrypt the victim’s personal files. AES is a 128-bit encryption algorithm which is considered to be logically unbreakable. That means once your files are encrypted using AES, it is almost impossible to decode them without the keys. One example of this kind of ransomware is “Simplocker”. In 2014, “Simplocker” emerged from a Russian underground forum. It made victims believe that their device had been locked by a law enforcement agency that had detected illegal activity on the device.
Either way, it completely disables your device and leaves the victim with two options: pay the demanded money or lose personal files.
Apart from the two most commonly used methods above, some ransomware pretends to be an anti-virus program or an adult video player app. What they all have in common is that they demand a sum of money from the victim while promising to release the encrypted files in exchange.
Cybercriminals use cryptocurrencies like MoneyPak, Bitcoin, Litecoin, Zcash, Ripple etc. Cryptocurrencies do not require any connection to banks, and that helps cybercriminals stay safe from law-enforcement agencies.
Android Ransomware Prevention:
Backup Your Files
The first thing you gotta do is back up your personal and important files. Ransomware can never do any harm if you practice backing up your important files regularly. We all know that backing up files is important, but normally we do not expect anything terrible, so we ignore it. Backing up files not only saves them from cybercriminals but also from fire accidents, theft or device failure. It is crucial to back up your files. Start today. If your files are extremely important to you, keeping multiple backups is a great idea. You can back up your files using a flash drive or an external hard drive. Another good option is cloud storage.
Keep Your Android Software Current:
Updating software is not only about getting new features but also about making sure your software does not have any security loopholes. Android operating system updates often mean big downloads and prolonged installation times, but you have to remember that it is crucial to keep your Android operating system current for security reasons. Keep not just the operating system but also your apps updated. If you want to stay safe online, do not forget to keep your software, operating system and apps up to date.
Mobile Security Suite:
Unlike on Apple’s platform, not all Android apps are checked and monitored for potential security threats. Although Google’s security is good, its safeguards can be bypassed. That puts extra responsibility on the user. Keeping that in mind, installing a reliable, paid mobile security suite can be a good decision. Some of the best options are: Norton Mobile Security, Avast Mobile Security and Kaspersky Antivirus & Security.
Check App Permissions:
Take a look at the permissions you have granted to your installed apps. Although permissions are important for apps to run properly, sometimes apps ask for unnecessary permissions. Cybercriminals exploit this to access user information. If an app asks for permissions that look irrelevant, it is better not to install it, unless it is a popular and reputable app.
Install Apps From Reputable Source:
Always rely only on reputable stores like Google Play Store or Amazon to install apps. Third-party installation is never safe unless you are very sure about its security. It is not easy for general users to distinguish a good .APK file from a bad one. In that case it is better not to take the risk. Generally, cybercriminals plant malicious apps on shady websites and other unknown sources to trap Android users.
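As an added example (not part of the original article), the two checks above, app permissions and install source, can be run against text taken from `adb shell pm list packages -3 -i` and `adb shell dumpsys package <pkg>`. The trusted-installer list, the risky-permission set and the sample output are assumptions constructed for illustration.

```python
import re

# Assumption: installer IDs for Google Play and the Amazon Appstore.
TRUSTED_INSTALLERS = {"com.android.vending", "com.amazon.venezia"}
# Assumption: permissions matching the two behaviours described above,
# covering the screen and reading or rewriting files on shared storage.
RISKY = {"android.permission." + p for p in
         ("SYSTEM_ALERT_WINDOW", "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE")}

def parse_installers(listing):
    """Map package -> installer from `adb shell pm list packages -3 -i`."""
    pairs = (re.match(r"package:(\S+)\s+installer=(\S+)", ln.strip())
             for ln in listing.splitlines())
    return {m.group(1): m.group(2) for m in pairs if m}

def requested_permissions(dump):
    """Names listed under 'requested permissions:' in `dumpsys package <pkg>`."""
    perms, in_section = set(), False
    for line in dump.splitlines():
        name = line.strip()
        if name == "requested permissions:":
            in_section = True
        elif in_section:
            if not name or name.endswith(":"):
                break  # blank line or next section header ends the list
            perms.add(name.split(":")[0])  # drop suffixes such as ": restricted=true"
    return perms

def audit(listing, dumps):
    """Apps not installed by a trusted store -> their risky permissions."""
    return {pkg: sorted(requested_permissions(dumps.get(pkg, "")) & RISKY)
            for pkg, src in parse_installers(listing).items()
            if src not in TRUSTED_INSTALLERS}

# Constructed sample output (not captured from a real device).
SAMPLE_LISTING = """package:com.example.notes  installer=com.android.vending
package:com.example.videoplayer  installer=null
package:com.example.reader  installer=com.amazon.venezia"""
SAMPLE_DUMPS = {"com.example.videoplayer": """Packages:
  Package [com.example.videoplayer] (1a2b3c):
    requested permissions:
      android.permission.INTERNET
      android.permission.SYSTEM_ALERT_WINDOW
      android.permission.WRITE_EXTERNAL_STORAGE
    install permissions:
      android.permission.INTERNET: granted=true"""}

if __name__ == "__main__":
    for pkg, perms in audit(SAMPLE_LISTING, SAMPLE_DUMPS).items():
        print(pkg, "installed outside a trusted store; risky:", perms)
```

An app flagged here is not necessarily malicious; it is a candidate for review and, if unrecognized, removal in safe mode.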