It seems like there is a new ransomware attack making the rounds every week. Who could forget the recent WannaCry variant that claimed hundreds of thousands of victims in over 150 countries?
Typically, ransomware victims have their critical files encrypted and must pay a fee to get them back. However, a new ransomware variant has taken a devious twist.
New ransomware variant blackmailing victims
A new type of ransomware targeting mobile devices was recently discovered by researchers at McAfee. It's being dubbed LeakerLocker.
Instead of encrypting victims' files, LeakerLocker threatens to leak them to all of their phone and email contacts. So any private photos, text messages, or other sensitive data is at risk of being seen by everyone you know.
This attack is being spread to Android gadgets, through malicious apps found in the Google Play Store. The malware was found in two specific apps, Booster & Cleaner Pro, and Wallpapers Blur HD.
Both of the apps have since been removed from Google Play Store. The scammers will continue to build new malicious apps to deliver the malware.
Victims will see a message pop-up on their gadget. It claims that all personal data from your smartphone has been transferred to the criminals' secure cloud. In less than 72 hours this data will be sent to every person from your telephone and email contacts list. To abort this action you have to pay a modest ransom of $50.
Image: Example of LeakerLocker ransom note. (Source: McAfee)
Once the malware executes, LeakerLocker locks the gadget's home screen and accesses private data in the background. It can do this because the victim grants permissions for the app after installing it.
The cybercriminal is able to access a victim's email address, contacts, Chrome browsing history, calls, text messages, pictures from the camera, and some device information.
As with all ransomware attacks, the FBI advises victims not to pay. There is no guarantee that when your files are encrypted you'll get them back.
In this incident, there is no guarantee that the criminals won't use the data at a later time to blackmail you again. Also, the criminals could change the payload at a later time to make this a more conventional attack where they leave your files encrypted.
How to protect against ransomware
The best way to defeat a ransomware attack is to take precautionary steps. Here are suggestions that will help:
- Back up data regularly - this is the best way to recover your critical data if your computer is infected with ransomware.
- Make sure your backups are secure - do not connect your backups to computers or networks that they are backing up.
- Never open risky links in emails - don't open attachments from unsolicited emails, it could be a phishing scam. Ransomware can infect your gadget through malicious links found in phishing emails. Can you spot one? Take our phishing IQ test to find out.
- Do NOT enable macros - You should never download PDF, Word or Excel files attached to unsolicited emails to begin with. If you do open one of these documents and it says that you need to turn on macros, close the file and delete it immediately.
- Have strong security software - this will help prevent the installation of ransomware on your gadget.
Backing up your critical data is an important safety precaution in the fight against ransomware. It's the best way to recover your files without paying a ransom.
We recommend using our sponsor IDrive. You can backup all your PCs, Macs and mobile devices into ONE account for one low cost! Go to IDrive.com and use promo code Kim to receive an exclusive offer.