LONDON: Bitdefender issued the caution as part of its most recent research which found that approximately 32 percent of all reported malware in the UK during May was Android ransomware, up from 24 percent during the early months of 2015.
“This sudden spike translates into an increased interest in cyber criminals for generating revenue by targeting the UK,” Bitdefender said, adding that this trend will continue in the next 12 months.
An example of ransomware that has contributed to this is Cryptowall, which Bitdefender said is one of the most profitable malware strains to date.
Ransomware fees start from £320, and Cryptowall’s success has inspired malware coders to explore new ways of infecting even more victims by crafting ransomware for Android devices.
The fact that Android shipments exceeded one billion devices in 2014 has also sparked cyber criminals’ interest in duping users into giving them money, as the mobile arena is seen as being as profitable as PCs.
“Aggressive and persistent malware doesn’t come out of nowhere,” said Bitdefender chief security strategist Catalin Cosoi.
“Developing malware takes pretty much the same form as developing software; it takes many iterations and bug fixes until you end up with a really stable build that can perform as expected. The same goes for Android ransomware.”
Bitdefender has been seeing Android ransomware samples for over a year. At first these had fairly limited capabilities and mostly scared people into thinking they were infected by displaying an easily removable pop-up that contained the same classic message as PC ransomware.
“It only took limited technical know-how to remove the pop-up and the application, and users were quick to dispose of them,” Cosoi added.
“It seems, however, that malware coders quickly adapted to the mobile operating system platform and began understanding the subtleties of making an application latch on to the OS tightly. This makes them more persistent and scarier for the average user.”
This new Android ransomware can completely block a device’s keys, leaving users with few available options other than to reboot or shut down. No actual encryption of local files occurs, but the messages try to scare victims into paying the ransom.
This ransomware can be removed only by booting devices in Safe Mode; otherwise it will come back each time a device is rebooted normally, Bitdefender warned.
Safe Mode booting prevents third-party applications from loading, and users can manually uninstall the malware just like any other app.
“Android ransomware has drastically changed from being a small benign application that previously used to trick and scare users into thinking they have been infected, to actively seizing control over devices and preventing users uninstalling the malicious application,” added Cosoi.
“Today’s versions require a bit more technical expertise to ‘flush’ the application from a user’s Android device.”