RSA Europe 2013: Ransomware making its way to mobile

A mobile security expert this morning warned that ransomware, the malicious software that locks users out of their device and demands payment for its release, is about to make the transition from PC to mobile.

2013 has signalled something of a renaissance for ransomware, with the CryptoLocker and FBI MoneyPak scams spreading with particular menace and bleeding millions of pounds from fearful victims, and the problem now looks set to grow.

Speaking today at RSA Europe in Amsterdam, Webroot’s security intelligence director Grayson Milbourne said threats traditionally confined to PCs were targeting mobile devices with increasing regularity, citing the sweeping Red October espionage campaign as a case in point.

Explaining the evolution of rogue apps on Android, Milbourne said, “What we believe we will start seeing is ransomware types of applications.” Fake antivirus products have been the most common manifestation of malicious software on the Google OS to date, but Milbourne said attackers are using a wider range of methods to dupe customers into giving up data and money.

Our analysis of ransomware earlier this year detailed an attack vector low on technical sophistication, but high on criminal efficiency. Researcher Marcel den Berg of Team Cymru told us that ransomware operators show “a real world criminal mindset,” scaring victims and monetising their scams to great effect.

With the ploy representing such value for money for attackers, Milbourne says its proliferation on mobile devices was inevitable, despite there being relatively few incidences of mobile ransomware so far. “It’s a dirty tactic and it’s very effective because people care deeply about the files that have just been encrypted [by the attackers],” he said.

The opportunity for malware writers to bring new threats to the Android platform continues to increase, as vast numbers of users shop for apps away from the official Google Play store and in third-party outlets where mobile threats are rampant. Sticking to Google Play, which now undergoes more stringent vetting thanks to the Google Bouncer feature, has become a golden rule on Android, but Milbourne revealed that 40 per cent of users still install apps from third-party stores.

“The focus of the cybercrime industry is really sharpening on mobile devices because attackers are very aware that there’s great profitability there,” Milbourne warned. “There’s low security, low authentication, and a vast quantity of data – especially in a BYOD environment today. You haven’t just got your personal data but you’re also going to have some good corporate data there as well.”
