We have come across an interesting report posted by ESET. It gives us some insight into how ransomware has developed over the last year. In general, ransomware infections grew by roughly 50% from 2015 to 2016.
Operators also shifted their focus in 2016 from the US to Africa and Asia, whereas in 2015 the shift was from Eastern Europe to the US.
Primary findings show a rising pattern of ransomware being sent via spam email with malicious links embedded.
Most ransomware detected was discovered in apps downloaded from external sources and not from the Google Play Store.
Ransomware writers try to avoid straightforward detection. They encrypt their payload, hiding the ransomware in the app's assets folder.
Android ransomware no longer only encrypts data or locks the phone's screen. It has started to support other operations such as wiping the device, resetting the lock screen PIN, opening URLs in the browser, GPS tracking, and stealing private information.
Android ransomware uses HTTP to communicate with its C&C server. Exceptional cases include ransomware using Google Cloud Messaging, XMPP, Tor, and Baidu Cloud Push.
Hidden ransomware is commonly found in apps such as Adobe Flash Player, adult apps and antivirus apps.
In 2016 the Jisut Android ransomware saw a big increase in activity, with more detections than in 2015.
This development was driven by Jisut's entry into the Asian market, particularly China.