back to article Android ransomware demands 12x more cash, targets English-speakers

Cybercrooks have further refined a strain of file-infecting ransomware that infects Android smartphones so that it targets English speakers and is more difficult to remove. The newest variant of Android/Simplocker displays the ransom note in English and asks for a higher ransom of $300. The latest version also encrypts a wider …

  1. DryBones
    Pint

    Hmmm

    Something seems off...

    "In addition, the malware now asks to be installed as Device Administrator..."

    Oh, there we go. Yet another social engineering attack that's only possible if you enable third party / untrusted apk installs, download it, and then tell it to install.

    NEXT!

    1. Anonymous Coward
      Anonymous Coward

      Re: Hmmm

      Android is a real mess on the security front.

      1. Anonymous Coward
        Anonymous Coward

        Re: Hmmm

        You're stupid enough to download and install this dodgy app, yet it's still Android's fault you are so f**king thick???

    2. Anonymous Coward
      Anonymous Coward

      Re: Hmmm

      enable third party / untrusted apk installs

      Such as Amazon's site?

      1. DryBones
        Angel

        Re: Hmmm

        "Such as Amazon's site?"

        If you mean their app store, and it requires you to enable install of untrusted apps, then yes that falls under "third party".

  2. Jamie Jones Silver badge

    $300?

    People just don't have the sort of important stuff on their phones that they might on their PC (at least, not without backups)

    Even some of the most careless users will tend to have uploaded their photos to their PC's for viewing on a larger screen, or have auto backups via Google etc.

    Generally people assume their phone is a lot less safe than their computer (theft, loss, damage etc.)

    I'm not saying that there aren't many out there that are vulnerable, but compared to PC users, it will be considerably less, and who'd pay $300 for a few photos taken over the last few months?

    Indeed, the short replacement cycle for phones adds to this - people won't have important archives on their phones that go back years...

    1. Timmay

      Re: $300?

      Indeed - if I caught this, I'd swear, then factory reset, resync all my contacts, calendar, etc from Google, be glad I had my photos auto-uploading to Dropbox, and be on my way with a clean phone.

      1. Anonymous Coward
        Anonymous Coward

        Re: $300?

        Until you realise the person involved has no idea what either their Google ID or PW is...

  3. Shannon Jacobs
    Holmes

    If the spammers weren't making money, then they would stop sending the spam. Even worse, the money they do make is used to fund ever more diabolical and vicious forms of spam (like the latest round of ransom-ware), but what really angers me is that the spammers gladly target weak victims like children and people who know very little about computers.

    Meanwhile, the big email companies that do understand the threats have adopted the business model of "Live and let spam", which also infuriates me. The spammers obviously LOVE filters, since the filters just give more credibility to the spam that slips through while ignoring the blizzards of spam that disguise the new and more dangerous attacks.

    Why don't any of the major email providers provide REAL anti-spammer tools to break the spammers' business models? I'm not saying that we can eliminate all spam or turn the spammers into decent human beings. I'm just saying that we could reduce their profits, and that many of the spammers would respond by crawling under less visible rocks. Less spam would make the Internet more valuable for everyone.

    Considering the numbers, the approach that seems most promising would be crowd-driven analysis and counterattack targeting. Essentially there are lots of people who hate spam and only a few suckers who feed the spammers. If ANY email system made it easier for the wannabe good Samaritans to help out, then the crowd can help cut the spammers away from the suckers. The integrated anti-spammer tools could allow volunteer spam-fighters to help analyze the spam in several steps. At each step the automatic analyses would be confirmed or corrected or refined, eventually focusing on the most effective countermeasures to disrupt ALL of the spammers' infrastructure, to pursue ALL of the spammers' accomplices, and to help defend and protect ALL of the spammers' victims, even including the poor corporations whose reputations and customers are abused by the spammers. (Concrete examples of specific targeting suggestions available upon request. There are LOTS of obvious ones.)

    By the way, I think you have to limit the anti-spammer tools to the targeting, and the actual kill buttons should remain under the control of the professional spam fighters working for the email services. I would be WAY too eager to pull the trigger.

    P.S. Proof of concept: Stock market pump-and-dump spam has almost entirely stopped. The stock exchanges acted to block the profits, and the spammers gave up.

    1. jonathanb Silver badge

      I suspect the people making money are the ones selling the ransomware kits as a sort of "get rich quick" scheme rather than the ones who buy and distribute them.

      1. DropBear Silver badge

        ...on the other hand - at that kind of rate, you only need a precious few people to fall for this and actually pay up in order to have a great day / week / month...

    2. Robert Helpmann?? Silver badge
      Childcatcher

      Pump and Dump

      P.S. Proof of concept: Stock market pump-and-dump spam has almost entirely stopped. The stock exchanges acted to block the profits, and the spammers gave up moved on to greener pastures.

      Fixed that for you. The problem is that there are so many suckers. Still good points - Have an up-vote.

  4. Anonymous Coward
    Anonymous Coward

    Android, the Windows of the mobile world.

    1. IT veteran
      Windows

      Windows

      Surely Windows is the Windows of the Mobile World?

  5. Glostermeteor

    Backup, Backup Backup[

    That is the way to protect yourself against this kind of stuff. I back up all my contacts, photos and emails to Google and OneDrive, if someone hijacks my phone I am more than happy to do a factory reset on it and wipe it all to kingdom come, I can always just restore.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019