Ransomware

Mobile ransomware reaches devices through social engineering: fake apps from third-party stores, app squatting, malicious system or software updates, phishing, or smishing.

Traditional ransomware encrypts files on the device. Some Android variants do this; others use different techniques to deny access:

  • Abusing accessibility features (MalLocker)

  • Hijacking permissions (StrandHogg attack)

  • Resetting the device PIN (DoubleLocker and CovidLock)

WannaLocker is an example of the file-encrypting kind: it uses AES to encrypt files on infected Android devices.
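For app vetting or incident triage, the three access-denial techniques listed above each leave a trace in an app's decoded `AndroidManifest.xml`. The following Python script is an added example, not code from the original page. The sample manifest, its package names, and the `triage_manifest` function are constructed for illustration, and it assumes a PIN-resetting locker relies on device administrator rights.

```python
import xml.etree.ElementTree as ET  # for untrusted files, prefer defusedxml

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: decoded AndroidManifest.xml for a hypothetical package.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <application>
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN"/>
    <activity android:name=".Overlay" android:taskAffinity="com.example.bank"
        android:allowTaskReparenting="true"/>
    <activity android:name=".Main"/>
  </application>
</manifest>"""

# Binding permission -> what the component is able to act as once enabled.
BINDINGS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility service",
    "android.permission.BIND_DEVICE_ADMIN": "device admin receiver",
}

def triage_manifest(xml_text):
    """Return sorted (finding, component) pairs worth a manual review."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    findings = set()
    for comp in root.iter():
        name = comp.get(ANDROID + "name", "")
        bound = comp.get(ANDROID + "permission")
        if comp.tag in ("service", "receiver") and bound in BINDINGS:
            findings.add((BINDINGS[bound], name))
        affinity = comp.get(ANDROID + "taskAffinity", "")
        foreign = affinity not in ("", package) and not affinity.startswith(package + ".")
        # An activity that asks to live in another package's task and allows
        # reparenting matches the StrandHogg task-hijacking pattern.
        if (comp.tag == "activity" and foreign
                and comp.get(ANDROID + "allowTaskReparenting") == "true"):
            findings.add(("foreign task affinity", name))
    return sorted(findings)

if __name__ == "__main__":
    for finding, component in triage_manifest(SAMPLE_MANIFEST):
        print(f"{finding}: {component}")
```

Legitimate apps such as screen readers and device-management agents declare the same bindings, so treat each finding as a prompt for manual review rather than a verdict.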

Both iPhone and Android users have access to cloud-based backup tools (Apple iCloud and Google One) that make it practical to wipe and restore a device with minimal data loss. Maintaining current backups is the most effective recovery option.

Resources