Ransomware seems to have maintained its attractiveness among cybercriminals, steadily growing on multiple operating system platforms – including mobile since 2014. Android users have been targeted by various versions of this extorting malware, most frequently by the police ransomware, trying to scare victims into paying up after (falsely) accusing them of harvesting illegal content on their devices.
The most popular attack vector used by cybercriminals is the misuse of unofficial markets and forums to spread their malicious code using infected apps.
2016 has also brought cases where cybercriminals added additional, more sophisticated methods to their toolboxes. Attackers tried to bury malicious payloads deeper within applications. To achieve this, they encrypted them, then moved them to the assets folder, which is typically used for pictures or other contents necessary for the app. The apps however, seemingly had no real functionality on the outside, but on the inside, there was a decryptor able to both decrypt and trigger the ransomware.
ESET experts have also documented Android ransomware spreading via email as an attack vector. Attackers used social engineering to manipulate victims into clicking on a malicious link in their message and direct would-be victims to an infected Android application package (APK).
Another interesting development observed this year has been the growing focus of Jisut ransomware operators on Chinese markets, using a localized Chinese ransom message.