Approximately 32 per cent of all reported malware during the month of May was Android ransomware, according to new research from Bitdefender.
With the previous months of 2015 seeing 24 per cent of reported malware being on the Android platform, the company believes the sudden spike translates into an increased interest for cybercriminals for generating revenue by targeting the UK.
Bitdefender is anticipating that this number will continue to grow in the next twelve months.
Cryptowall ransomware is one of the most profitable malware strains to date, with ransomware fees starting from $500 (£320), says the firm.
Its success has inspired malware coders to now explore new ways of infecting even more victims by crafting ransomware for Android devices. Android shipments exceeded one billion devices in 2014, sparking cybercriminals’ interest who see an environment equally as profitable as that of PCs.
“Aggressive and persistent malware doesn’t come out of nowhere. Developing malware takes pretty much the same form as developing software; it takes many iterations and bug fixes until you end up with a really stable build that can perform as expected. The same goes for Android ransomware,” stated Catalin Cosoi, Chief Security Strategist at Bitdefender.
“At Bitdefender, we’ve been seeing Android ransomware samples for the better part of a year now. At first they had pretty limited capabilities – they were mostly scaring users into thinking they were infected by displaying an easily removable pop-up that contained the same classic message as PC ransomware. It only took limited technical knowhow to remove both the pop-up and the application and users were quick to dispose of them.”
“It seems, however, that malware coders quickly adapted to the mobile operating system platform and began understanding the subtleties of making an application latching onto the OS tightly. This makes them both more persistent and scarier for the average user.”
Bitdefender warns that new Android ransomware can completely block a device’s keys, leaving users with few available options: rebooting or shutting down. Although no actual encryption of local files actually occurs, the displayed messages try to scare victims into paying the ransom.
The latest Android ransomware can only be removed by booting devices in Safe Mode; otherwise it will come back on each time a device is rebooted normally. Because Safe Mode booting prevents third-party applications from loading, users can manually uninstall the malware just like any other app.
Image source: Shutterstock