Android Phones Are Targeted by Ransomware Gang

YUSUPH KILEO

Summary: The arrival of ransomware on the mobile scene is just the beginning of a gathering storm. "This is going to be massive," said Trend Micro VP JD Sherry. "This will be the year that we see a tremendous amount of malware hitting mobile phones, and I don't think consumers and organizations are prepared to handle these attacks once they migrate to mobile devices."

The gang that pioneered the idea of locking up a target's computer and demanding a ransom to unlock it has turned its attention to the rapidly growing mobile market. Once Reveton mobile infects a phone, it will display a bogus warning from a fractured local law enforcement authority. In the U.S. it's "Mandiant U.S.A. Cyber Security/FBI Department of Defense/U.S.A. Cyber Crime Center."

Needless to say, the gang doesn't know a lot about the U.S. government or law enforcement, but that's irrelevant to someone whose phone is suddenly bricked until the online extortionists get their payment. The gang's tactics haven't changed since they introduced their malware years ago.

"Just as its Windows-based variant, it performs a geolocation lookup for the device's IP and displays a customized page using some local law enforcement branding," explained Bogdan Botezatu, a senior e-threat analyst with Bitdefender.


"In order to get their phones back," he told TechNewsWorld, users must "pay a $300 fine via untraceable payment mechanisms such as Paysafecard or uKash." A phone can acquire the ransomware just by visiting an infected porn site, Botezatu explained. However, some user interaction is needed to install the bad app once it reaches a phone.

Although the malware's warning screens claim the app encrypts all data on the phone, making the data inaccessible, that claim may be dubious. "The marketing efforts of the bad guys can be impressive," added Britton, "but the capability of the actual technology can be less than that."

Rather than encrypt all the data on the phone as CryptoLocker does on a PC, mobile Reveton is pure ransomware. "It puts a wrapper over all the interfaces and UIs," JD Sherry, vice president of technology and solutions for Trend Micro, told TechNewsWorld. "So a user can't do anything because malware has system-level access."

The malware doesn't make the effort to obtain the permissions it would need to encrypt data on an Android phone, Botezatu explained. "The cybercriminals wanted to keep it simple," he said. "This might be the first iteration -- a test case, if you will -- of a very successful breed of mobile ransomware."