Image source: Blue Coat
Researchers at Blue Coat have discovered and analyzed a new mobile ransomware campaign that targets older Android devices and doesn’t require user interaction prior to infection. The campaign may be novel but the ransomware has been around since 2014 – Cyber.Police.
Learn more about Cyber.Police’s Previous Attacks
This is perhaps the first time in (mobile) ransomware history that a ransomware is distributed without the “help” of the device’s owner.
If No User Interaction Is Needed, How Is Cyber.Police Spread?
The exploit in question is known as Towelroot or futex. Blue Coat researchers refer to the payload as the ELF payload. Whatever its name, the payload downloads and installs an Android application (.apk) which is, in fact, the ransomware.
It’s also important to note that the lab device which was infected by the ransomware was an older Samsung tablet, running CyanogenMod 10 (a build of Android 4.2.2).
A Look into Cyber.Police ransomware
As already mentioned, Cyber.Police is not new to the malware scene, as it was first detected and analyzed in December 2014. Similarly to other mobile ransomware cases, Cyber.Police doesn’t actually encrypt files; it only locks the device’s screen. Instead of the classical payment in Bitcoins, the cyber criminals demand that the victim buy two Apple iTunes gift card codes at the price of $100 each.
Blue Coat researchers also observed unencrypted traffic from their infected device to a command & control server. Such traffic was caught coming from 224 other Android devices. The Android versions were also identified – between version 4.0.3 and 4.4.4.
Another detail about the attack worth mentioning is that some of those 224 devices were not vulnerable to the specific Hacking Team libxslt exploit, which means that other exploits may have been used.
How Can Cyber.Police Be Removed?
The only thing an infected user should do is reset their device to factory settings. As with desktop ransomware, users should also think about backing up the data on their devices. Blue Coat researchers also advise “using a more up-to-date browser than the built-in Browser app included with Android 4.x devices”.
In case you have lost your files, you can try using a recovery program such as Android Data Recovery Pro by Tenorshare.