Think about everything that you do with your smartphone. The amount of sensitive data we keep on these powerful gadgets can be massive. Information dealing with financial accounts, and credentials to several websites are just a couple critical things we have on our phones these days.
Losing access to the information on your phone is frightening. That's exactly what would happen if it gets infected with ransomware. Now, there is ransomware being distributed through an app that you have to know about.
Researchers with Check Point recently discovered the malicious app named Energy Rescue. The scariest thing is it was available in the Google Play Store.
What makes this ransomware attack different
The Energy Rescue app was supposedly created to help the phone's battery life. Instead, the malicious app steals the victim's contacts and text messages and asks for admin permissions. If these permissions are granted, according to Check Point, the gadget gets locked by ransomware and displays this message:
"You need to pay for us, otherwise we will sell portion of your personal information on black market every 30 minutes. WE GIVE 100% GUARANTEE THAT ALL FILES WILL RESTORE AFTER WE RECEIVE PAYMENT. WE WILL UNLOCK THE MOBILE DEVICE AND DELETE ALL OUR DATA FROM OUR SERVER! TURNING OFF YOUR PHONE IS MEANINGLESS, ALL YOUR DATA IS ALREADY STORED ON OUR SERVERS! WE STILL CAN SELLING IT FOR SPAM, FAKE, BANK CRIME etc... We collect and download all of your personal data. All information about your social networks, Bank accounts, Credit Cards. We collect all data about your friends and family."
Once your phone is infected, a ransom of 0.2 Bitcoins, about $180, is demanded.
This ransomware attack is especially disturbing because the malicious app was found in the Google Play Store. Google has security filters that are supposed to find these malicious apps and block them from the Play Store. Typically, when someone downloads a malicious app for their Android gadget, it comes from a third-party source.
The good news is, Check Point reported this app to Google early on and it has been removed from the Play Store. Also, Apple users are not impacted because the app was not available for iOS.
How to avoid becoming a ransomware victim
Some law enforcement agencies have recommended not paying for a ransomware attack. Their theory is there is no guarantee that you will get your files back. Some of the criminals behind these attacks have claimed to return victims' files once they pay but actually, the files are deleted the moment the gadget is infected.
Obviously, it's best to not be infected with ransomware. The FBI recently gave recommendations on how to avoid ransomware attacks:
- Download only trusted software - make sure the software you download comes from trusted sites. In this instance, the malicious app actually was found in the Google Play Store. However, this is very rare and the Play Store is the most trusted place for Android users to find safe apps.
- Back up data regularly - this could be the best way to recover your critical data if you are infected.
- Make sure your backups are secure - do not connect your backups to computers or networks that they are backing up.
- Never open risky links in emails - don't open attachments from unsolicited emails.
- Have strong security software - This will help prevent the installation of ransomware on your gadget.
If you want to learn more about ransomware, listen to our podcast on how to avoid ransomware pitfalls.