Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

SLocker Ransomware Variants Surge

SLocker, one of the top 20 Android malware families, has seen a six-fold increase in the number of new versions over the past six months.

New variants of an Android ransomware family have surged over the past six months to some 600 unique versions.

That's a dramatic jump from the 100 variants created between October to the start of December, says Michael Covington, vice president of product strategy for Wandera, which published new data on the ransomware today.

The new strains of the mobile ransomware use a range of disguises to avoid detection. The SLocker variations are repackaged as altered icon, for example, or offer unique resources and executable files. SLocker encrypts images, documents, and videos, as well as blocks access to the device before demanding payment to unlock the phone and its contents.

Chief security officers and their teams have reason to worry about the rapid rise in the number of SLocker strains, say security experts. The malware has morphed beyond just locking users' screens on their Android devices and demanding payment, to taking over administrative rights and controlling the device, including its microphone, speakers, and the camera.

Bogdan Botezatu, senior e-threat analyst with Bitdefender, says an Android smartphone infected with SLocker could potentially broadcast highly sensitive information presented during a closed-door boardroom meeting without the user's knowledge, for example.

Wandera's Covington points to potential risks to sales and consulting staff, for example. "In a lot of situations where the employees work out in the field like in sales or consulting, it can have a massive impact on their business if they are locked out of their phone and data," he explains.

Victim organizations paid an estimated $10 million in ransom to unlock confidential data stored on Android phones that fell victim to SLocker, according to Wandera's report.

By the Numbers

Android ransomware first emerged in 2014, after creators of the Reveton/IcePol ransomware for PCs turned their attention to Android devices and cooked up the Android.Trojan. Koler.A and then later Android.Trojan.SLocker, according to Bitdefender's Botezatu.

For the first two years, SLocker was among the top 20 Android malware families and then shot up to the top 10 in 2016, notes Botezatu. "Its rise to the top 10 was mostly because of the frustration factor. It's a psychological thing when people can't get information from their smartphone," he says. "People were willing to pay the ransom. The mobile device is more personal than the personal computer."

But now SLocker ranks in the No. 14 to No. 18 spot among the top 20 Android malware families, as cyberthieves create new types of Android malware and enlarge the pool of contenders and dilute SLocker's influence, Botezatu says.

Related Content:

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Stop Defending Everything
Kevin Kurzawa, Senior Information Security Auditor,  2/12/2020
Small Business Security: 5 Tips on How and Where to Start
Mike Puglia, Chief Strategy Officer at Kaseya,  2/13/2020
Architectural Analysis IDs 78 Specific Risks in Machine-Learning Systems
Jai Vijayan, Contributing Writer,  2/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4230
PUBLISHED: 2020-02-19
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212.
CVE-2019-4429
PUBLISHED: 2020-02-19
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886.
CVE-2019-4457
PUBLISHED: 2020-02-19
IBM Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 could allow an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 163654.
CVE-2019-4640
PUBLISHED: 2020-02-19
IBM Security Secret Server 10.7 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code which could result in an attacker executing malicious code. IBM X-Force ID: 170046.
CVE-2020-4135
PUBLISHED: 2020-02-19
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage.