Android ransomare makes up 25% of Aussie malware

Ransomware is quickly becoming a major threat in Australia. Bitdefender estimates that more than 25% of all malware detected in Australia in May was Android ransomware.

Just three months earlier in February, ransomware accounted for a mere 6% of reported malware, Bitdefender said. But the ransomware threat has been growing for the past six months and is expected to continue to steadily rise over the next six to 12 months.

According to the company, the sudden spike in May demonstrates the growing interest among cybercriminals in targeting Australia with their malware campaigns.

The cryptowall ransomware remains one of the most prolific and profitable malware strains ever discovered. In the US, the ransomware family has caused more than US$18 million ($24.1 million) in losses in the past year alone, the FBI has calculated.

The popularity and vast install base of Android have meanwhile made the platform as attractive as PCs for cybercriminals seeking to make a profit.

Bitdefender said that Android ransomware typically displays messages stating that a user’s files have been encrypted and demanding payment to unlock them, but does not actually encrypt any files.

But mobile ransomware threats are becoming more sophisticated — while previous threat messages could simply be bypassed with the press of the back button, newer strains can completely block a device’s keys, leaving no option but to reboot or shut down. But the messages will return on every reboot.

The new breed of Android ransomware must be removed by booting into safe mode, but this is beyond the technical capabilities of the average smartphone user.

Popular infection vectors for Android ransomware include drive-by attacks and infected applications distributed over third-party app stores.

Bitdefender’s assertions about the growing ransomware threat are in line with the statistics provided in McAfee Labs’ latest global Quarterly Threat Report. The report showed that McAfee detected nearly twice the number of ransomware samples in Q1 than in any previous quarter.

In a demonstration of the growing danger ransomware poses to both individuals and business, endpoint data protection and security vendor Code42 last month announced that 64% of IT organisations worldwide experienced data loss at the endpoint from malware or ransomware prior to implementing endpoint backup systems.

Research conducted by the vendor via third-party content platform TechValidate also shows that 34% of organisations surveyed used backup to identify the data that existed on a lost or stolen machine, and 25% recovered from ransomware attacks using endpoint backup.

In addition, 60% of surveyed IT organisations secured data with endpoint backup in the event of employee departures, and 51% did so to prepare for a migration or encryption projects.

“Ransomware attacks and insider threats drive the need for a comprehensive endpoint data security strategy,” Code42 co-founder and CEO Mich Coopet said. “For instance, many CISOs are dealing with employee churn — when employees depart and take corporate data with them.”

Some security companies use the month of June as Backup Awareness Month. The survey was conducted as part of the awareness-raising efforts conducted over the month.

Image courtesy of Buster Benson under CC