Mobile ransomware has soared globally, increasing nearly four-fold over the past year, according to new figures released by Kaspersky Lab.
The Russian AV vendor claimed in a new report on the malware epidemic that its Android security tools protected 35,413 users from mobile ransomware between April 2014 and March 2015.
However, this figure had risen to 136,532 users a year later.
The report added:
“The share of users attacked with ransomware as a proportion of users attacked with any kind of malware also increased: from 2.04% in 2014-2015 to 4.63% in 2015-2016. The growth curve may be less that that seen for PC ransomware, but it is still significant enough to confirm a worrying trend.”
The top 10 countries suffering mobile ransomware attacks also changed significantly over the period.
Previously dominated by the United States, Kazakhstan and Ukraine, the list was topped over the past year by Germany where nearly 23% of all users encountering malware were hit by mobile ransomware, followed by Canada (19.6%) and the UK (16%).
Kaspersky Lab had the following explanation:
“It is hard to say precisely why this is the case, but we can assume that in countries that feature at the top of the mobile ransomware list, mobile and e-payment infrastructure is much more developed and has deeper penetration than in countries that are at the bottom of the list or not on it at all. Criminals like to get as close to their victim’s money as possible and attacking a user who can transfer the ransom in couple of taps or clicks is likely to have the most appeal.”
Pletor, Fusob, Svpeng and Small were the main malware families in the 2014-15 period, although Pletor and Fusob dropped off significantly in terms of activity the following year.
The report explained that when it comes to mobile ransomware variants usually employ screen blocking technology rather than more sophisticated encryption.
This is because Android security features limit the ability of third party apps to get unlimited access to user data and because data is often backed-up to the cloud automatically.
Blockers work much more effectively on a phone than a PC because the user can’t simply remove the hard drive and attach to another device to remove the malicious files, as can be done in the case of a PC
“It is almost impossible to do the same with a mobile device as its hardware is impossible to remove easily and analyze with the help of an extraneous device,” the report concluded.