Monday, August 4, 2014
Fortinet Warns Smartphone Users of Dangerous Ransomware
This is what high-performance network security company Fortinet advised recently after seeing an increase in this malware type in recent months.
Ruchna Nigam, Security Researcher for FortiGuard Labs, said that ransomware threats are becoming increasingly serious this year due to the discovery of one such program affecting iOS devices and a similar threat that encrypts data on Android-powered mobile devices.
Ransomware originally targeted computers. However, the emergence of mobile applications made it a danger to portable devices as well. This malware type prohibits the use of a device unless the owner makes a payment. Only then can the end user regain control over the phone. In connection with this, FortiGuard Labs has identified four mobile ransomware threats:
1) “Oleg Pliss” on iCloud – Among the four, this is the trickiest to detect because it was conceived from breached iCloud accounts and some social engineering. First discovered in May 2014, the developers of this ransomware used the “Find My” function on iPhone, iPad and iMac together with recycled passwords. “Oleg Pliss” allows the attacker to extract or delete information. However, this can be prevented by activating the phone lock passcode.
2) Simplocker – This is the first ransomware ever detected on Android and it works by encrypting various audio, document, photo and video files. Infected devices will be locked and even after a payment is made, files have to be decrypted to be revealed. The types of files that it encrypts have the following extensions: 3gp, avi, bmp, doc, docx, gif, jpeg, jpg, mkv, mp4, pdf and png.
3) FakeDefend – First discovered in July 2013, this ransomware attacks Android devices and is disguised as an antivirus program. It will first perform a fake phone scan before showing a list of fake virus infections. After that, the phone is locked and payment has to be made for it to be retrieved. However, the nightmare doesn’t end there, because any credit card information used for payment will be stored by the attacker and can be used for fraudulent transactions in the future.
4) Cryptolocker for mobile – This ransomware, first discovered in May 2014, appears as a bogus Bedoni video downloader and, when activated, shows a screen that claims to be from the local police. The geo-location of the “police” page is linked to the attacker and the lock screen is shown every five seconds. This makes it nearly impossible to operate the mobile device well and only an uninstallation of the malware can revert the phone to normal.
Nigam added that the increasing number of ransomware threats proves that attackers are adapting to technological trends. Therefore, smartphone users must be properly informed about the potential dangers and must take precautionary measures to avoid disruption of their phone usage. Here are the top pointers that Nigam suggested to safeguard mobile devices against ransomware:
1) Have a functional anti-virus on these devices to get warnings on potentially harmful software.
2) Install software and applications only from trusted sources such as Google Play and App Store.
3) Passcodes must be activated for iPhone and iPad devices to prevent a ransomware breach.