More than 25 per cent of malware distributed in Australia during May was Android ransomware, a rise from February when Android ransomware levels were at 6 per cent, according to Bitdefender research.
Spikes were also noticed in April with the amount of Android ransomware at 23 per cent. According to Bitdefender, the increase is due to cyber criminals targeting Australians to generate revenue.
For example, the success of ransomware such as Cryptowall, which caused US$18 million worth of losses in 2014, has inspired malware coders to explore new ways of infecting more victims by creating ransomware for Android devices.
“With Android shipments exceeding 1 billion devices in 2014, it is little wonder the market is sparking the interest of cybercriminals who see it as an environment equally as profitable as PCs,” said Bitdefender e-threat analyst Bogdan Botezatu in a statement.
“We’ve been seeing Android ransomware samples for the better part of a year now. They were mostly designed to scare users into thinking they’re infected by displaying an easily-removable pop-up that contained the same message as PC ransomware,” he said.
According to Botezatu, users only needed limited technical knowledge to remove the pop-up and application from their smartphone.
However, new examples of the Android ransomware can block a smartphone’s keys so the user has to shut down their device.
“The only way to remove the ransomware is to boot the device in safe mode, otherwise it will come back each time your phone reboots. Because safe mode booting prevents third-party applications from loading, users can manually uninstall the malware just like any other app.”
According to Botezatu, the ransomware is spread through third party marketplaces.
“If you get infected, we strongly recommend not paying the ransom, as that only fuels the cybercriminal activity. Make sure you always have a mobile security solution installed, as it will detect and report any attempt of inadvertent download or installation of malware,” he said.
In July 2014, Android ransomware which displayed a message claiming to be from the Australian Federal Police (AFP) and other local law enforcement authorities affected 6223 Australians, according to Kaspersky Lab research.
The Koler police mobile ransomware detects which country the user is based in and if they are using an Android or iOS phone. The ransomware also detects if the user is on a PC or tablet.
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia