There has been a lot of talk in the news lately of a new ransomware for Android. While this does sound dire, and the possibility exists for more problematic threats on Androids smartphones and tablets in the future, it is not yet time to panic.
Choosing a headline is always a difficult task: How do you best sum up a complicated situation in a way that both expresses the gravity of the situation, and does it in just a few words? Sometimes this process can go awry and cause unexpected confusion (or in this case undue concern).
One of the early articles about the new ransomware for Android called it a “CryptoLocker-Like ransomware”, and many news outlets ran with this name. For many of us, seeing the word CryptoLocker is enough to get us a little twitchy; it is considered by many to be one of the scariest malware of all times, due to its data-destructive tendencies.
But the fact is, not all ransomware is anywhere near as destructive or as effective as CryptoLocker. The ransomware that was found on Android (detected by ESET Mobile Security for Android – as well as our other products – as Android/Koler.a) is one of the less-effective varieties. It is a lock-screen ransomware, rather than a filecoder. (If you would like more info on the varieties of ransomware, my colleague Aryeh has a great podcast on the subject) This is to say, it tries to lock your screen to prevent you from being able to use your phone but it does not encrypt files.
In this case, the ransomware is even less effective than usual: It does not completely lock your screen, but it does disable your Back button and it only allows you 5 seconds after hitting the Home button before it returns you to its warning screen. In these 5 seconds, you should be able to uninstall the malicious application as you would any unwanted application – it does nothing further to prevent uninstallation. This malware also relies on social engineering to get people to install it; it does not install silently or automatically once it has been downloaded.
As always, there are a few simple tips you can follow to protect yourself:
There may be more powerful ransomware threats available for Android in the future, so it is a good idea to start protecting yourself now. But for the moment, there is no need to panic about Cryptolocker for Android.
Author Lysa Myers, ESET