Android does not escape from ransomware: the most serious threats and how to avoid them.
Normally, when we talk about ransomware, we usually think of computers. The most notorious attack was that of WannaCry in 2017, a ransomware that managed to sneak into computers in up to 74 countries thanks to a serious vulnerability in Windows. However, although in this case the attack was aimed at computers, mobile platforms are not free of this type of malware and, as it could not be otherwise, Android is the most affected system.
With more than 80% market share, it is no wonder that Android is the favorite target of cybercriminals and, for years now, ransomware is one of the problems that threatens the platform. Collect some of the most talked about ransomware attacks targeting Android in recent years and I'll give you the keys to avoid them.
The rise of ransomware on Android
Ransomware is a type of malware whose ultimate goal is to achieve an economic benefit. The means used to achieve it is a blockage of the content of the terminal. There are two types of ransomware: the screen lock and the crypto. The first consists of hijacking access to the system, while the second encrypts the files it contains. In both cases, in order to regain control, an economic rescue is required, which generally has to be paid in bitcoins. As mentioned, although many of these attacks are aimed exclusively at Windows computers, the popularity of Google's mobile platform has placed it in the crosshairs of cybercriminals and ransomware is one of the tools used.
The cases of ransomware in Android began to increase from 2014 and since then they have been increasing. These have been some of the most notorious cases that have affected Android.
android defender
Android Defender came in mid-2013 and was the first ransomware exclusively aimed at Android mobile devices. To achieve its goal, the application was disguised as a fake antivirus that, after scanning the content of the mobile, found a serious threat that blocked the device and could only be eliminated if the $ 129 was paid for the alleged subscription.If this was not enough for the user in question made the payment, the application would try again with a more aggressive message that was accompanied by explicit pornographic images. Another method to convince the victims was to lower the ransom to $ 89.99 Obviously, the app could not be uninstalled with the usual method, but also modified some system settings in a way that prevented to restore the factory data, forcing a hard reset.The good news is that this malware had a fairly low range (it is believed that only affected about 50 devices) and did not sneak into the Play Store, but it was distributed as an APK disguised as other applications.
Simploker
In May 2014, the first cryptographic-type ransomware was detected on Android.His name is Simplocker and originated in Russia, as you can see in the screenshots, although later came other improved versions that were in English.This ransomware showed a warning message on the screen while at the same time encrypting the files in the background.The objective of the program were extensions of documents and more common multimedia files such as JPG, BMP, GIF, PDF, DOC TXT, AVI or MKV.However, the list with RAR and ZIP files was later expanded, the format in which backup copies are usually stored, so this information is also lost.although at first the ransomware showed a message in Russian, later versions in English were detected that used the classic technique of the ransomware police.In this case, it was about coercing the victim with a message accusing him of having visited child pornography sites.It even showed an image of the user that had been taken with the front camera.The payment required reached $ 300.
Simplocker was also not found in the Play Store, but was distributed in disguise of other popular apps.The chosen themes used to be pornography apps or popular games like GTA: San Andreas.
adult player
This ransomware took advantage of that time when the app seemed to work normally to take pictures of the user while watching porn videos, so the threat was not only reduced to losing the files, it was also extorted with these often compromising images.The ransom demanded by Adult Player was $ 500.
How to avoid ransomware on Android
These have been some of the most talked about cases of ransomware on Android in recent years, but they have not been the only ones.As we have seen, each of them has a different modus operandi and not all of them can be eliminated in the same way.The best thing in these cases is prevention.We give you some keys to avoid seeing yourself in a situation like the ones described above.
Do not install applications from suspicious sites
Most of the attacks that we mentioned were spread through external sites to the Play Store.The best thing to avoid scares is to just install apps from trusted sites and run away from any APK from which we do not know the origin.
Activate application verification
Android includes a system that looks for threats in installed applications, but is not activated by default in many terminals.To have this additional security measure, go to Settings - Accounts - Google - Security and check the Check applications box.Additionally, you can also activate the option 'Improve detection of harmful applications' that will send unknown apps to Google so that the system improves.
Install an antivirus
f you follow all the steps above and are cautious when installing apps on your Android, you already have the best antivirus