As evidence, according to data provided by Kaspersky Lab, the number of users being attacked by mobile ransomware has quadrupled from last year to this. When the malware was first seen, its targets were almost exclusively PCs, and we’ve seen a number of high profile cases where PCs containing critical data were locked, requiring the owners to pay hefty sums to get them unlocked.
Last year, the total number of mobile devices locked by ransomware numbered 35,413. This year, the number has swelled to 136,532, and is growing by the day. Users in Germany, Canada, the UK and the US have been most impacted by the disturbing new trend, with 56% of mobile ransomware events tracing back to the “Fusob” family of ransomware.
According to the company, the most common path to infection are users who visit porn sites on their mobile devices. Fusob disguises itself as a multimedia player used to view porn videos. Once downloaded, all user access to the mobile device is blocked, and as is the case with the PC versions of ransomware, users are instructed to pay a toll (between $100 and $200) in iTunes gift cards in order to deactivate the block and get their access back.
Two important things to note about mobile ransomware that make it a slightly different beast than PC ransomware. First, most of the mobile ransomware is designed to avoid devices displaying content in Russian (a clue as to where these attacks are originating from). Second, unlike PC ransomware, the contents of mobile devices aren’t actually encrypted, because most mobile users have their data backed up to the cloud. Instead, these attacks seek to deny users access to their devices, locking them out until the fee is paid. The end result, however, is the same from a practical standpoint.
Although it’s true that most of the installations happen when viewing porn sites, this obviously isn’t the only way an infection can occur, and is definitely something to be on increasing guard against.