There has been a lot of talk in the news lately of a new ransomware for Android. While this does sound dire, and the possibility exists for more problematic threats on Androids smartphones and tablets in the future, it is not yet time to panic.
A case of mistaken identity
Choosing a headline is always a difficult task: How do you best sum up a complicated situation in a way that both expresses the gravity of the situation, and does it in just a few words? Sometimes this process can go awry and cause unexpected confusion (or in this case undue concern).
One of the early articles about the new ransomware for Android called it a “CryptoLocker-Like ransomware”, and many news outlets ran with this name. For many of us, seeing the word CryptoLocker is enough to get us a little twitchy; it is considered by many to be one of the scariest malware of all times, due to its data-destructive tendencies.
But the fact is, not all ransomware is anywhere near as destructive or as effective as CryptoLocker. The ransomware that was found on Android (detected by ESET Mobile Security for Android – as well as our other products – as Android/Koler.a) is one of the less-effective varieties. It is a lock-screen ransomware, rather than a filecoder. (If you would like more info on the varieties of ransomware, my colleague Aryeh has a great podcast on the subject) This is to say, it tries to lock your screen to prevent you from being able to use your phone but it does not encrypt files.
In this case, the ransomware is even less effective than usual: It does not completely lock your screen, but it does disable your Back button and it only allows you 5 seconds after hitting the Home button before it returns you to its warning screen. In these 5 seconds, you should be able to uninstall the malicious application as you would any unwanted application – it does nothing further to prevent uninstallation. This malware also relies on social engineering to get people to install it; it does not install silently or automatically once it has been downloaded.
As always, there are a few simple tips you can follow to protect yourself:
- Back up your data The best thing you can do to prevent problems due to ransomware is to back up your data. Google makes this very easy on Android, so do it frequently to avoid the heartbreak of damaged data
- Do not install strange files Malware authors have been using the enticement of viewing videos to get people to download their wares for ages – do not fall for this tactic! Install only video players (or better yet, any apps) that you have downloaded from a reputable App Store. For an extra bit of protection, install only apps from those reputable App Stores that have lots of positive ratings.
- Scan files before installing If you have smartphone or tablet that runs on Android, make sure you have up-to-date anti-malware software installed and use this to scan apps before installing.
There may be more powerful ransomware threats available for Android in the future, so it is a good idea to start protecting yourself now. But for the moment, there is no need to panic about Cryptolocker for Android.