Ransomware on Android: What Are The Actual Odds of You getting Hit?

How common are ransomware attacks on Android users and what can you do to avoid it?

Mar 30, 2017Security
Ransomware on Android

Ransomware is one of the latest attacking trends, used by hackers and other malicious-intending characters, for the purpose of extorting money, or other valuable property, from the client being attacked.

There are different forms in which ransomware is being utilized, some of the most prominent ones are:

  • Encrypting ransomware – the user’s data is encrypted whereas the user is demanded to pay ransom in exchange for the data’s decryption.
  • Blocking ransomware – the user is being denied access to his / her own data until a ransom has been paid.
  • Leaking ransomware – the user’s data is taken ‘hostage’ and the user is being demanded ransom in exchange for the data shall not be published.

In either way, the underline logic of the attackers is that the user, which is no longer of complete and sole control of his / her own data, will prefer to pay a certain amount of ransom in order to free the data and regain complete control of it.

To further induce the desired outcome, attackers may often disguise the attack as being conducted by a credible law enforcement agency, accusing the user of doing something illegal.

Ransomware disguised as law enforcement agency

Ransomware disguised as law enforcement agency

Ransomware on Android

Research[1] done on the past couple of years by Anti-virus company Kaspersky, provides us with the following statistics regarding mobile platform ransomware:

Users affected by ransomware on mobile platforms between 2014 - 2016

Users affected by ransomware on mobile platforms between 2014 – 2016

As you can see, last year (2016) saw a steep incline in the amount of users encountering mobile ransomware at least once during the year.

In addition to these data, we also have Google’s own statistics which states[2] the following:

“Since 2015, less than 0.00001 percent of [app] installations from Google Play, and less than .01 percent of [app] installations from sources other than Google Play, were categorized as ransomware.”

That’s less than the chances of getting struck by lightening says Google, and yet, although rare, it still out there.

Android 7.0 and above users are, apparently, a bit safer than their counterparts due to added security mechanisms introduced in that version, such as: better apps sandboxing, stronger locks and “clickjacking” protection.

In order to keep safe against ransomware attacks in general and on Android in particular, the following measures are recommended.

Protect Against Ransomware

Human error is the number one factor causes users to install ransomware on their own devices, the #1 delivery vehicle of ransomware is Email. Therefore, users are advised:

  1. Pay close attention to the sources of emails you read, their links and their attachments.
  2. Only download apps from a trustworthy source.
  3. Install security updates on a regular basis.
  4. Use Android’s “Verify Apps” feature to monitor for harmful behaviors – the feature should be on by default, to check; go into Settings -> Google -> Security -> Verify Apps.

In case your device has been infected by ransomware, you can try boot into safe mode and from there delete any app you’ve recently installed that might be the cause for the ransomware.

If that doesn’t work, factory reset might also be used as a last resort as well.