Fortinet has advised mobile device users to be on the alert for mobile ransomware, which has seen a steady increase worldwide in recent months.
Ransomware is a type of malware that restricts usage of the device it infects and demands payment from the end-user to restore control over the device. Until recently, ransomware targeted computers, but it is now attacking mobile phones.
“Ransomware threats have been big on mobile phones this year − from the emergence of the first variant targeting iOS devices to the first Android variant that encrypts phone data,” said Ruchna Nigam, Security Researcher, FortiGuard Labs, Fortinet.
FortiGuard Labs recently detected the following four pieces of mobile ransomware:
Simplocker, discovered in June 2014, comes in the form of Trojanized applications, such as a Flash player. This is the first "real" ransomware seen on Android in the sense that it actually encrypts files (with extensions "jpeg", "jpg", "png", "bmp", "gif", "pdf", "doc", "docx", "txt", "avi", "mkv", "3gp" and "mp4") on the phone. The malware locks the infected phone, displays a screen telling the user that the phone is locked, and demands payment to unlock it. Even after the application is uninstalled in safe mode, the files remain encrypted and must be decrypted before they can be read.
Cryptolocker for mobile, discovered in May 2014, disguises itself as a fake BaDoink video downloader application. Although the malware doesn’t cause any damage to phone data, it displays a locked screen claiming to originate from the local police, customized to the geo-location of the end-user. The locked screen is re-launched every five seconds, making phone operation nearly impossible without uninstalling the malware.