No anti-virus software can detect this extremely dangerous new Ransomware on Android
A new type of Android ransomware has just been reported by a researcher on the Zscaler blog. What makes this ransomware so frightening is that no anti-virus software can detect it.
This new ransomware was discovered inside a very popular Russian social networking application called OK. The app itself is completely legitimate and is available in the Google Play Store with about 100 million downloads. According to the same research, that application does not contain any strange code.
What happens when a device is infected with this ransomware?
Unlike other ransomware, this one is very dangerous and hard to detect. After you install the malicious application, it does not act immediately like most other malware. Instead, it hides in the system and takes no action for 4 hours, so the phone and even the application itself appear to work normally and the victim suspects nothing.
Four hours later, the application asks the user to grant it device administrator rights. This permission allows the application to change the lock screen password, lock the screen, access the lock screen and settings, and set a new password. An attentive user will of course find this extremely suspicious and quickly press Cancel.
But even if you press Cancel, the application's request dialog quickly reappears and prevents the user from doing anything else. If the user gives in and grants the application device administrator rights, a ransom notification appears on the screen. The attackers demand a payment of 500,000 rubles (about 20 million equivalent).
The researchers said: "We have done some more tests to determine whether this malware actually sent user data to a server. However, we did not see any leaked personal data, and we also found that this Ransomware cannot unlock the user's ".
Regardless of whether the user has transferred the requested ransom to the attacker's e-wallet, the ransomware does not stop working. As soon as the phone screen is locked, the malware notifies the command-and-control (C&C) server about the new victim. Notably, the malware contains no function to confirm whether the user has paid the ransom.
How to get rid of this type of ransomware
Although no antivirus software detects and removes this ransomware, there is a way for users to get rid of it. If your device has been infected, do the following:
- Switch the device to Safe Mode.
- Disable all third-party applications on the device.
- Remove the application and restart the device in normal mode.
To prevent this from happening in the future, go to Security Settings / Device Administration and uncheck the Unknown Sources box.
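The removal steps above depend on knowing which app holds device administrator rights. The following added example (not from the original article or from Zscaler) parses the output of the adb commands `dumpsys device_policy` and `pm list packages -3 -i` and flags device admins that are third-party apps not installed by the Play Store. The sample output and the package names in it are constructed, and the exact dump layout is an assumption that varies by Android version.

```python
"""Audit device-admin apps from adb output (added example; sample data is constructed)."""
import re

# Constructed sample of `adb shell dumpsys device_policy` (layout varies by Android version).
SAMPLE_POLICY = """\
Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    com.google.android.gms/.mdm.receivers.MdmDeviceAdminReceiver:
      uid=10012
    com.example.fakeok/.AdminReceiver:
      uid=10153
"""

# Constructed sample of `adb shell pm list packages -3 -i` (third-party packages + installer).
SAMPLE_PACKAGES = """\
package:com.example.fakeok  installer=null
package:com.example.notes  installer=com.android.vending
"""

PLAY_STORE = "com.android.vending"
ADMIN_RE = re.compile(r"^\s+([A-Za-z0-9_.]+)/([A-Za-z0-9_.$]+):\s*$")
PKG_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)\s*$")


def active_admins(policy_dump):
    """Return (package, receiver) pairs listed as enabled device admins."""
    return [m.groups() for m in map(ADMIN_RE.match, policy_dump.splitlines()) if m]


def third_party_installers(pkg_list):
    """Map each third-party package name to its recorded installer."""
    return {m.group(1): m.group(2)
            for m in map(PKG_RE.match, pkg_list.splitlines()) if m}


def suspicious_admins(policy_dump, pkg_list):
    """Device admins that are third-party apps not installed by the Play Store."""
    installers = third_party_installers(pkg_list)
    return [(pkg, rcv, installers[pkg])
            for pkg, rcv in active_admins(policy_dump)
            if pkg in installers and installers[pkg] != PLAY_STORE]


if __name__ == "__main__":
    for pkg, rcv, inst in suspicious_admins(SAMPLE_POLICY, SAMPLE_PACKAGES):
        print(f"review: {pkg} ({rcv}) is a device admin, installer={inst}")
```

A flagged package is a candidate for review, not proof of infection; an app sideloaded on purpose by the owner will also appear.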
Epilogue
It is not uncommon for smartphone users to be infected with ransomware, since many organizations and individuals are currently focused on developing illegal ransomware to extort users and steal their information. So be careful when downloading applications of unknown origin from the Internet.