Ransomware isn’t new to the tech world. We covered the earlier WannaCry attack here on GeekDashboard; it affected even government organizations by encrypting their files. Ransomware denies you access to your files and demands a ransom. No one is reported to have received their files back after paying the ransom.
The new one on the web goes by the name Filecoder.C, and ESET researchers brought it to light. Even though the number of affected cases is low, its modus operandi may lure thousands into installing the ransomware on their devices.
The New Android Ransomware Attempts to Spread to Victims’ Contacts
The new threat to Android users first surfaced online on Reddit, distributed through QR codes and HTML links. Dubbed Android/Filecoder.C, the ransomware targets devices running Android 5.1 or higher. The people who deliberately spread it online disguised it as adult content, which is why careless users fall prey to the trick.
Once you sideload the infected APK on the device, it spreads itself via text messages to the contacts on your phone. When it is done spreading, it locks you out of all your files, and you can no longer open any of them. It then demands a ransom of $90 to $100 to regain access. The attackers claim they will delete the files after 72 hours.
Dissecting the application shows that it requests the following permissions.
android.permission.SET_WALLPAPER
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.READ_CONTACTS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.SEND_SMS
android.permission.INTERNET
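As an added example (not ESET's or the author's code), this Python triage flags an app whose requested permissions cover the same combination listed above: contact access plus SMS sending together with shared-storage access. It assumes the input is the text printed by `aapt dump permissions`; the capability grouping, verdict labels, and sample dumps are constructed for illustration.

```python
import re

# Capability groups built from the permissions listed above. The grouping is
# this example's assumption, not ESET's detection logic.
CAPABILITIES = {
    "sms_spreading": {"READ_CONTACTS", "SEND_SMS"},
    "file_access": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"},
    "boot_persistence": {"RECEIVE_BOOT_COMPLETED"},
    "network": {"INTERNET"},
}
PERM_RE = re.compile(r"android\.permission\.([A-Z0-9_]+)")

def requested_permissions(dump_text):
    """Extract short permission names from a permission dump."""
    return set(PERM_RE.findall(dump_text))

def triage(dump_text):
    """Return (capabilities fully covered, verdict) for one app."""
    perms = requested_permissions(dump_text)
    present = sorted(n for n, needed in CAPABILITIES.items() if needed <= perms)
    # Contacts + SMS sending + shared-storage access in one app is the
    # combination this article describes; each alone is common and benign.
    suspicious = {"sms_spreading", "file_access"} <= set(present)
    return present, "review" if suspicious else "ok"

# Constructed sample dumps (hypothetical package names).
SUSPECT = """package: com.example.constructed
uses-permission: name='android.permission.SET_WALLPAPER'
uses-permission: name='android.permission.WRITE_EXTERNAL_STORAGE'
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.INTERNET'
"""
GALLERY = """package: com.example.gallery
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE'
uses-permission: name='android.permission.WRITE_EXTERNAL_STORAGE'
uses-permission: name='android.permission.INTERNET'
"""

if __name__ == "__main__":
    for name, dump in (("suspect", SUSPECT), ("gallery", GALLERY)):
        print(name, *triage(dump))
```

A "review" verdict only means the app deserves a closer look before it is allowed on a device; legitimate messaging and backup apps can request the same set.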
To boost its reach, the developers of the ransomware have included 42 languages for the message template. It chooses the language based on the one you use on your phone.
The ransomware encrypts text files, images, and videos. However, for some reason, .apk, .dex, .zip, and .rar files remain untouched. JPG and PNG images under 150 KB are also left unharmed, and files over 50 MB also seem to be safe. Encrypted files get the extension .seven and become inaccessible.
ESET researchers found that due to narrow targeting and flaws in both execution of the campaign and implementation of its encryption, the impact of this new ransomware was limited.
If you want to protect yourself from ransomware, you shouldn’t open links sent by strangers. If such a weird message comes from one of your acquaintances, contact them to confirm the source. In short, don’t open it until you have confirmed the credibility of the message.