Android ransomware attacks have grown by 50 percent in a year

Cybercriminals are increasingly targeting mobile devices with malicious software, as more and more people use them to store their most personal data.
Written by Danny Palmer, Senior Writer

Android devices are becoming a top target for ransomware.

Image: iStock

Ransomware targeting Android users has increased by over 50 percent in just a year, as cybercriminals increasingly take aim at what they view as an easy ecosystem to penetrate.

This, the highest number of attempts to infect Android smartphones and tablets with malicious file-encrypting software so far, comes as users increasingly turn to mobiles as their primary devices, storing more and more valuable data on them.

According to cybersecurity researchers at ESET, the biggest spike in ransomware attacks came in first half of 2016. And because ransomware was then a relatively new attack vector -- at least when it came to targeting businesses -- means many fell foul of it.


Ransomware detection from 2014 to 2016.

Image: ESET

Eastern Europe was initially the main target of ransomware distributors but this has changed, with figures in ESET's Trends in Android Ransomware paper suggesting that now 72 percent of successful ransomware attacks distributing Lockerpin ransomware target users in the United States.

The reason for the shift in targeting, as with most other cybercriminal decision making, comes down to money. Mobile users in the US are richer than those in Eastern Europe, so distributors of ransomware can make more money by targeting them.

Lockerpin is a particularly aggressive form of Android ransomware, which has continually evolved since it was first discovered in August 2015. Typically spread via malicious, fake applications, Lockerpin claims to be the FBI, accusing the victim of harbouring illegal content and demanding a $500 ransom.

While there are some forms of Android ransomware which have been a thorn in the side of users for well over a year, malicious developers aren't just content to sit back on their laurels, with new forms of malware appearing all the time.

One of the newest forms of Android ransomware is Charger, a nasty form of mobile ransomware which steals data from its victims.

The zero-day mobile ransomware was found embedded in an app supposedly designed to enhance battery-life of phones and tablets -- and downloaded directly from the Google Play. Google has since removed the ransomware from its store.

In order to avoid falling victim to Android ransomware threats, ESET researchers recommend that users avoid unofficial app stores and keep mobile security software up-to-date.

It's also recommended that users keep regular backups of data, so in the worst case scenario of falling victim to a ransomware attack, data can easily be retrieved without handing money to criminals.

Read more on cybercrime

Editorial standards