Android Ransomware

Recently, a type of malware called ransomware has begun to appear more frequently. Its purpose is to effectively take data hostage and demand a ransom in exchange for returning it. CryptoLocker, for example, does this by encrypting all document files on a computer and mapped network drives, then requiring a payment of roughly $300. Upon confirmation that the payment has been received, the decryption key is then sent to the victim. In some cases, of course, the decryption key may not be sent even if payment is made.

Naked Security has an article about the recent appearance of “Koler,” a variation of ransomware that issues a fake “police warning” and demanding payment of a fine, again about $300. This malware does not, however, encrypt data. It is also fairly straightforward to protect against, as the Android setting “Allow installation of apps from unknown sources” must be enabled for it to infect a device.

CryptoLocker Ransomware on Rampage

An increasing number of infections have been reported from the relatively new CryptoLocker malware, which encrypts files and holds them for ransom. Unlike previous ransomware, CryptoLocker makes its targeted files legitimately unrecoverable and also appears to honour ransoms by decrypting the files when paid (at least for now).

Naked Security has a pretty accessible overview of what CryptoLocker does and how to avoid infection. The primary vector appears to be email attachments, so please be particularly vigilant and do not open attachments unless you are certain of their contents.