Ransomware

Mobile ransomware sneaks onto your device using social engineering tactics that trick you into downloading malicious content, such as fake apps from third party app stores, app squatting, infected system or software updates, phishing, or smishing.

Traditional ransomware encrypts the files on a device, and some, but not all, Android ransomware variants do encrypt. WannaLocker uses AES encryption to encrypt files.

Different types of living of the land techniques” techniques can be used to deny a victim access to the device:

• Abusing functionalities (MalLocker).

• Hijacking permissions (Strandhogg attack).

• Resetting device PIN (DoubleLocker and CovidLock).

Both iPhone and Android users have easy access to cheap, cloud-based backup tools (Apple iCloud and Google One), which makes it easy to wipe and restore devices, in the event of a ransomware attack, with minimal loss of data.

Resources

• CovidLock: Mobile Coronavirus Tracking App Coughs Up Ransomware, 2020

• Sophisticated Android Ransomware Executes with the Home Button, 2020

• WannaLocker - The WannaCry Copycat Targeting Android Users in China, 2017