How Does It Travel?
Hackers have been targeting unsuspecting smartphone users in the Balkans with the Spider ransomware, which was first discovered on December 10. Users get reeled in through a phishing scam with malicious MS Office files sent as attachments with the subject line “Debt Collection.”
Spider is delivered through obfuscated macro code, meaning that if macros are enabled, the ransomware launches PowerShell on the victim’s computer and leads them to a host website with directions.
What Happens Next?
The malware then links up with apps and cloud storage and proceeds to encrypt and lock away all the user’s files using AES encryption, while adding a “.spider” extension to all their files. On the surface, these emails seem legitimate, as anyone with credit card debt or unpaid bills could be fooled into believing that these files come from a reliable source.
The cybercriminals then show victims a message in Bosnian through the ransomware, notifying them that all their personal files have been encrypted and that they won’t be able to access them without the key. Victims are then given 96 hours to pay in bitcoin in order to get their files back, with hackers offering them directions on how to do so.
How Do Users Pay?
Victims are given a tutorial on how to pay, beginning with details on how to buy bitcoin and how much money they need to pay. They are then given instructions on how to download the Tor Browser, which is necessary to make the cryptocurrency payment anonymously. Users are then told where to send the payment and how to securely do it.
What Happens if Victims Don’t Pay?
If they fail to pay up in 96 hours, all their information will remain encrypted and permanently locked. The criminals warn victims not to try anything as the ransomware has the technology to delete all their files and damage their PC.
How Do I Protect Myself?
Individuals and businesses looking to avoid Spider should disable their macros, while also being cautious of messages that can only be opened by turning on their macros. For the time being, there is no way to decrypt the ransomware once it does strike due to how recent the technology is. The best thing you could do is install a security app like dfndr security with the advanced anti-hacking capabilities that can help fight a ransomware attack.
In many situations, the hackers who issue the software don’t even hold up their end of the bargain, merely erasing your data permanently once you’ve paid.
Worst of all, it isn’t just your computer or phone that’s at risk of attack. Smart home items such as modern-day TVs have even been shown to be targetable. If your device has a computer chip within it, there is a good chance that it could be held hostage. But don’t panic yet; here’s what you can do against this malicious malware:
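An added example, not from the original article: a Python check that a mail gateway or analyst could run to flag Office attachments carrying a VBA macro project, the delivery vehicle described above for Spider. The function names and sample files are constructed for illustration, and the legacy-format branch only identifies the container without parsing it.

```python
import io
import zipfile

# Magic bytes of the legacy OLE2 container used by .doc/.xls/.ppt files.
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")


def triage_attachment(data: bytes) -> str:
    """Classify an attachment by content, ignoring its file name.
    'macro'      - OOXML file that carries a VBA project: quarantine it
    'legacy-ole' - old binary Office file, macros cannot be ruled out here
    'no-macro'   - no VBA container found by this check
    """
    if data.startswith(OLE_MAGIC):
        # VBA in these files sits in OLE streams and needs a dedicated parser.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "no-macro"
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        members = [name.lower() for name in archive.namelist()]
    if "[content_types].xml" not in members:  # plain zip, not an OOXML package
        return "no-macro"
    # Macro-enabled packages store VBA as <app>/vbaProject.bin, whatever the extension.
    if any(name.endswith("vbaproject.bin") for name in members):
        return "macro"
    return "no-macro"


def make_ooxml(with_macro: bool) -> bytes:
    """Build a constructed, minimal OOXML-shaped zip in memory (sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
        if with_macro:
            archive.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


# Constructed samples; file names are illustrative only.
SAMPLES = {
    "invoice.docx": make_ooxml(with_macro=False),
    "renamed-macro.docx": make_ooxml(with_macro=True),
    "old-format.doc": OLE_MAGIC + b"\x00" * 504,
    "notes.txt": b"plain text",
}


def run_samples() -> dict:
    return {name: triage_attachment(data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    print(run_samples())
```

Because the verdict comes from the file's contents, a macro-bearing document renamed to `.docx` is still flagged.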
Backup Your Smartphone
While it seems simple, regularly backing up your data is a proactive way to protect yourself against ransomware attacks. The heart of every ransomware scheme plays upon the fear that your data could be lost if a fine isn’t paid. However, if you have a backup of your files and photos, your data is more or less secure.
You can utilize a solution such as Dropbox or Google Photos to make sure that your photos are always stored in a cloud. Other data such as contacts and calendars should be tied to your email account.
Android’s system also offers a backup feature that can be found in your device’s settings. While it won’t back up everything, it’s useful for backing up device settings such as your saved WiFi networks, Google Chrome bookmarks, and more.
Browse With Common Sense
Most malware is picked up while browsing the internet or downloading an unsafe attachment from an email you have received. Prevention is always the best defense against vicious malware attacks. Staying conscious and aware of what you click on while browsing, or what you download, is a simple way to stay secure.
The truth is that once you’re subjected to a ransomware attack, there’s not much you can do to work backward. Preventative measures are your best defense.
Secure Your Android Device
But, how can you ensure the sites you’re browsing are safe and that you aren’t introducing malicious software to your device? Security solutions for Android such as dfndr security’s Full Virus Scan can protect your device by scanning it for spam, malicious content, and infected apps, then automatically removing them from your smartphone. These kinds of apps can block malicious websites to ensure a safer experience.
When it comes to ransomware, your best defenses are to maintain current backups and follow preventative measures. Ransomware can be malicious and menacing, threatening to delete our data and leaving us to deal with the stress of possibly losing our digital life. However, if you stay aware and are conscious of your online activities, you shouldn’t have too much to fear.
An App to Create Ransomware
This malware app is essentially a smartphone application that can be used to make custom ransomware attacks that target Android devices. The app was originally meant to be run from a computer or laptop, but now the app has been reformatted to function on a phone. Many developers call apps like this a “Trojan” or “TDK.”
It’s interesting to note that these apps can only run on Android and can only target other Android phones. The app isn’t on the Google Play store, though; the only way you can access this app is by going to China’s Great Firewall hacking forums.
How Do You Use the App?
This app is a subscription-based service, so at least hackers are paying to steal data from you. After downloading the app, new users can make a one-time payment for it. New users also get the experience of communicating with the criminal service provider. This can be a big deal for newer hackers who may want advice on how to use the app. According to malware experts, there isn’t a limit on how many different virus strains a new subscriber can make once they’ve paid the subscription fee.
How to Keep Your Private Data Safe
If you have an Android, it’s really crucial that you keep your information safe from these virus strains. One way to keep safe is to avoid using public Wi-Fi networks. These public networks are extremely easy for hackers to use. They can view your private data because they get between you and the network and watch everything you do.
What is WannaCry?
In May 2017, the WannaCry ransomware attack targeted computers that were running an outdated and unpatched version of Microsoft Windows as their operating system, which included many of the computers at the UK’s National Healthcare Service (NHS). During this large ransomware attack, the hackers encrypted the data so that the computers couldn’t access it. After that, the hackers demanded that they get their ransom via Bitcoin because it’s practically untraceable.
However, before the NHS or the other 230,000 infected computers could pay the ransom, a young British computer pro cracked the WannaCry attack and shut down the malware himself. As it turns out, the ransomware attack was poorly designed, which made it easy for the computer expert to find the “kill-switch” and shut down the hack.
How to Keep Your Data Protected
In order to keep ransomware and hackers out of your phone, you should regularly scan all of your devices for malware to ensure that your device is free of viruses and ransomware. Another way to keep your data safe is by creating an additional authentication step for your accounts. By creating a special code or setting up a phone call verification to identify yourself, you can keep your data safe. Also, be sure that you use your own Wi-Fi on your devices because public Wi-Fi is more likely to be hacked.
Ransomware Attacks
Recently, the WannaCry strain of ransomware attacked a total of 150 countries. Victims of this sophisticated attack included Russia’s interior ministry and Britain’s National Health Service; they were all ordered to pay a ransom amount in Bitcoin. Later studies uncovered that all victims were Windows users who had failed to update their software.
For mobile users, the most common form of ransomware is the “Trojan-Ransom.AndroidOS.Fusob.h” which requests administrator privileges and collects information from the device to upload to a malicious server. This server then determines the device’s worth and blocks device use in order to extort a profit.
New Techniques
As hackers recognize ransomware as a significant source of revenue, their methods and targets are becoming increasingly sophisticated. Oftentimes, scammers will target high-value individuals or systems in an effort to generate the highest returns per victim. Ransomware vendors are also starting to provide ransomware customer support lines to facilitate the exchange of data for payments. As these levels of sophistication increase, future ransomware attacks may develop the ability to evade detection through limited CPU usage, and use self-replication within organizations in order to carry out coordinated ransom attacks.
How to Protect Your Devices
To avoid the danger of losing your private data to a ransomware attack, make sure to back up your phone data regularly, and keep your Android and network software updated. Oftentimes, ransomware is spread through infected emails, so be sure to approach email attachments or messages from strangers with caution, and ensure your antivirus software comes with anti-phishing to block links if you click on a malicious link by accident.
If you are a victim of a ransomware attack, make sure to report the incident to law enforcement, as these attacks are often criminal offenses.
Ransomware Through History
In comparison to other malware, the history of ransomware is much shorter. The first case of ransomware occurred in 1989, and targeted the healthcare industry (still a major ransomware target today). However, ransomware didn’t become the threat that it is today until around 2005. Since then, two of the most popular types of ransomware have been crypto and locker ransomware. Crypto ransomware encrypts users’ files, whereas locker ransomware only locks users out of their files. A hybrid of the two types has become more popular in recent years.
A Ransomware Evolution
Ransomware has evolved considerably over the last five years, and new, different types of ransomware are continuously appearing. In 2016, there were about 4,000 ransomware attacks each day, and roughly 70% of businesses infected with ransomware paid the ransom. With the release of the NSA hacking tools, and the rise of automation (allowing hackers to target more people with little effort), this will likely grow in 2017.
Hackers are now sending ransomware in PDFs via email. If a victim clicks on the PDF, he or she will be taken to a web page mimicking Google to type in personal information. This is becoming a more recent trend in the world of malware, with various malicious file types being sent over email to victims. Files may even include ransomware PowerPoint presentations (ransomware ppt). The evolution of ransomware also includes Internet of Things devices as a growing target. This is because these devices are always connected to the Internet, and often have poor security or receive few updates.
Cybercriminals Are Tough to Track Down
First of all, many ransomware attacks originate overseas. It’s very hard to arrest cybercriminals because it’s hard to locate them. Thanks to the Internet, cybercrime can be fairly untraceable — unless, of course, the criminal brags about his or her crime on a popular online chat room. Ransoms are typically paid in Bitcoins, which are also nearly impossible to trace.
The Law Doesn’t Have Time to Catch Up
International law enforcement agencies, for example, have teamed up to launch No More Ransom, an informative website designed to prevent ransomware and assist victims. As for the U.S., most states do not even have laws in place to properly charge and sentence ransomware criminals. Currently, Wyoming and California have laws in place that treat ransomware as a type of extortion; Maryland isn’t too far behind. But what about the rest of the U.S.? Ransomware has increased exponentially over the last several years — every state should be interested in passing similar laws.
How You Can Help the Police Fight Ransomware
It’s generally recommended that you contact the police after your device is infected with ransomware — you should never pay the ransom. Even if there’s little they can do, they’ll be able to make note of the crime. This can help to determine the scale of the cyberattack. If you do your part in reporting a ransomware attack, this will help law enforcement agencies get the information to the public. Sharing information about a massive, widespread ransomware attack — such as the WannaCry attack — may encourage businesses and individuals to take ransomware more seriously and update their cybersecurity efforts.
How Ransomware Stays Hidden on Your Phone
So, as a final aside to Android users: stay aware, keep DFNDR updated, and if your phone is acting strangely or becomes infected, act immediately by using Full Virus Scan to remove any security threats.
If you downloaded a new app, and that app started interfering with your phone and its other apps, you’d delete it immediately, right? Unfortunately, ransomware does exactly that. Ransomware is known for hijacking other apps, then encrypting their data and often blocking the ability to uninstall. It can also affect the phone’s lock screen. But Google is vowing to confront these destructive viruses head-on with Android O, their newest operating system. Keep reading to find out if Android O is worth giving a “standing O[vation]” to.
How Android O Plans to Defeat Ransomware
Android “O,” the codename for Google’s newest operating system, has already launched a developer preview. Initially appearing on the scene in March 2017, Google plans on unveiling three more previews before the final version is launched in 2017’s third quarter. Android O’s central update involves battling ransomware. Mainly, Google plans to improve the protection of Android’s apps by deprecating vulnerable APIs and taking away functionality.
How has Google developed these strategies against ransomware? Well, that part is rather ingenious. Their developers followed 30 different malware strains “in the wild,” while gathering close to 50,000 samples from them. Using this data, the ransomware’s behavior was closely studied, while the Google team worked diligently to close Android’s security loopholes.
One of the main alterations, integrated into Android O, involves deprecating Android’s “DeviceAdmin” feature. Google found that around 70% of ransomware viruses were abusing DeviceAdmin on users’ phones. Ransomware would try to trick the user into granting admin privileges by hounding them with DeviceAdmin pop-ups. If the user gave in, their phone would be compromised immediately. By the end of 2017, we should know who’s winning in the Google vs. ransomware showdown.
Extortion
Cyber extortion, which entails publicly revealing private or embarrassing hacked information, is reaching an all-time high in 2016. Cybercriminals are profiting off targets by threatening to release private pictures, personal information, or embarrassing secrets if demands aren’t met. A high-profile example was the recent hack of Ashley Madison, a website that facilitates adulterous affairs between its users. In this case, criminals threatened to reveal names attached to Ashley Madison accounts unless users paid the hackers steep prices.
Holding Users Hostage
The proliferation of “ransomware” has transferred this old-fashioned criminal behavior into the digital sphere. 2016 has seen a marked spike in cybercriminals’ use of ransomware, which is the term used for programs designed to hold victims’ digital information hostage until a ransom has been paid.
Advanced ransomware is even capable of penetrating smart devices, like Internet connected cars, medical devices, and household appliances. Cybercriminals have the ability to hijack virtually any connected device, and request inordinate ransom prices from victims.
In the first three months of 2016, over $200 million in ransom money was paid to criminals holding data hostage. This amount is eight times as much as the total ransomware demands paid in all of 2015!
The Globalization of Cybercrime
Cybercrime networks are expanding, and becoming more advanced, with gangs of online criminals using cutting-edge tools to break into private connected devices, selling access to the highest bidder. Cybercriminals in developing countries, like Nigeria, are also becoming more sophisticated with their online attacks. Military conflicts throughout the world can cause an increase in cyber assaults, as extensive damage can be inflicted by hacking groups who don’t have any physical military force.
PSafe Security
It’s clear to see that it’s a dangerous world we’re living in when it comes to data security. Don’t put the data and personal information on your Android phone at risk. If you’re concerned about your phone’s security, give it the added protection it needs with PSafe TOTAL. PSafe TOTAL’s antivirus software will help secure all of the private data on your Android phone, and ensure your connected devices are safe and sound.