Many Android Users Infected with Ransomware

A new type of ransomware is now targeting Android devices. In Russia, for the moment, the malware locks access to the device's home screen and repeatedly asks the user to enter valid payment information. The ransomware appears to be targeting only Russian-speaking users (the ransom note is available only in Russian).

In contrast to the downward pricing trend for English-language ransomware over the last few months, this Russian ransomware demands nearly $10,000 from users who wish to recover their personal data. Even after the recent rise in smartphone prices in Russia, this is between ten and one hundred times the value of the average smartphone.

Unlike many other ransomware attacks, the screen on which users are prompted to pay the ransom does not seem to be routed through anonymizing services as robust as Tor, which may indicate that the attackers are still perfecting their methodology.

The attackers can lock or unlock the device's screen, add new contacts to the phone, steal contacts, send SMS messages, and update the malware’s code.

As is the case with most Android exploits today, the threat is hidden inside an app that requests administrative rights, which makes removal difficult. The easiest way to remove it is to restore the device to factory defaults, but some advanced users may be able to remove the app by connecting the device to a computer and using app management software.
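
For triage, the combination described above (an app that asks for administrative rights and can also send SMS messages and read or add contacts) can be checked in an app's decoded manifest. The following is an added example, not code from the original article or from any analysis of this malware; the permission mapping, the review threshold, and the sample manifests with their package names are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
NS = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping from the capabilities the article lists to Android permissions.
CAPABILITY_PERMS = {
    "android.permission.SEND_SMS": "send SMS messages",
    "android.permission.READ_CONTACTS": "steal contacts",
    "android.permission.WRITE_CONTACTS": "add new contacts",
}

def triage_manifest(xml_text):
    root = ET.fromstring(xml_text)
    requested = {e.get(NS + "name") for e in root.iter("uses-permission")}
    admins = []
    for rcv in root.iter("receiver"):
        actions = {a.get(NS + "name") for a in rcv.iter("action")}
        # Device-admin receiver: guarded by BIND_DEVICE_ADMIN, handles DEVICE_ADMIN_ENABLED.
        if (rcv.get(NS + "permission") == "android.permission.BIND_DEVICE_ADMIN"
                and "android.app.action.DEVICE_ADMIN_ENABLED" in actions):
            admins.append(rcv.get(NS + "name"))
    caps = sorted(label for perm, label in CAPABILITY_PERMS.items() if perm in requested)
    return {
        "package": root.get("package"),
        "device_admin_receivers": admins,
        "capabilities": caps,
        # Heuristic threshold (an assumption): admin rights plus two or more capabilities.
        "flag_for_review": bool(admins) and len(caps) >= 2,
    }

# Constructed sample manifests (hypothetical package names), not taken from a real app.
HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="%s">'
SUSPECT = (HEAD % "com.example.videoplayer") + """
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.WRITE_CONTACTS"/>
  <application>
    <receiver android:name=".AdminReceiver" android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter><action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""
BENIGN = (HEAD % "com.example.dialer") + """
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        print(triage_manifest(sample))
```

A flagged manifest is a prompt for manual review, not a verdict: legitimate device-management apps also register device-admin receivers.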