NEW DELHI, INDIA: After many years of evolution, ransomware has emerged as one of the most troublesome malware categories of our time. India ranks as the 9th most impacted region by ransomware, with countries such as the US, Japan, the UK, Italy and Germany topping the charts.
Ransomware has spread globally: according to Symantec’s telemetry, 11 of the top 12 countries impacted by ransomware in the past 12 months are direct or indirect member states of the G20.
With the increasing spread of connected devices, such as wearable computers and the Internet of Things (IoT), ransomware may be on the cusp of another evolutionary jump forward.
In its latest research, Symantec found that it would not be difficult for current-generation ransomware to make the leap from mobile phones to wearable devices such as smartwatches. "Before we get into that, let’s take a look back at where ransomware came from, where it has been, and where it is likely to go next," it said.
Ransomware on your wrist
One trend that has recently caught the public’s attention is that of the smartwatch. While Google first introduced the Android Wear smartwatch OS to the public in early 2014, the recent arrival of the Apple Watch has given this sector a significant boost. This is creating a fledgling market for smartwatch apps which developers have started to cater to.
Given that there are already ransomware threats in circulation for Android mobile devices, we decided to test how an Android Wear device might be impacted by typical Android ransomware. To do this test, we simply had to repackage a current Android ransomware .apk file (Android.Simplocker) inside a new Android Wear project to create a new .apk file.
Next, we took a Moto 360 smartwatch and paired it with an Android phone. When we installed the new .apk file on the phone, we found that the phone became infected with the ransomware as expected. As the smartwatch was paired with the phone, the ransomware was also pushed onto the smartwatch. Once installed on the smartwatch, the malware could be executed by the user if they were tricked into running it, thinking it was a useful app.
After the ransomware was executed, it caused the smartwatch to become generally unusable. Simplocker has a routine that checks for the display of the ransom message every second, and if it is not shown, it will push it onto the screen again. This activity prevented us from using the device. Simplocker also encrypted a range of different files stored on the smartwatch’s SD card.
So far, we have not seen any ransomware in the wild specifically designed to target smartwatches, but this situation could easily change. This scenario could give rise to the term “ransomwear”—ransomware that you can wear.
Recovery and mitigation
- Avoid installing apps from unknown/untrusted sources
- Check permissions when installing apps to make sure that they are appropriate for the type of app being installed. For example, does a game really need to be able to access your contacts list or send an SMS?
- Use a suitable security solution on your mobile device
- Keep your software up to date
- Make frequent backups of important data
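
The permission check recommended in the list above can be automated before an app is installed. The following is an added example, not code from Symantec or the original article: it compares the permissions declared in a decoded (text) AndroidManifest.xml against a baseline for the app's category. The per-category baselines, the package name and the sample manifest are constructed assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace prefix ElementTree uses for android:* attributes.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed per-category baselines (illustrative, not an official list).
EXPECTED = {
    "game": {"android.permission.INTERNET", "android.permission.VIBRATE",
             "android.permission.WAKE_LOCK"},
    "messaging": {"android.permission.INTERNET",
                  "android.permission.READ_CONTACTS",
                  "android.permission.SEND_SMS",
                  "android.permission.RECEIVE_SMS"},
}

# Constructed sample: decoded manifest of a hypothetical game.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.puzzlegame">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission-sdk-23 android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Puzzle"/>
</manifest>
""".strip()


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    # Both element forms request a permission; duplicates collapse in the set.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names


def unexpected_permissions(manifest_xml, category):
    """Permissions requested beyond the baseline for this app category."""
    if category not in EXPECTED:
        raise ValueError(f"no baseline for category {category!r}")
    return sorted(requested_permissions(manifest_xml) - EXPECTED[category])


if __name__ == "__main__":
    for perm in unexpected_permissions(SAMPLE_MANIFEST, "game"):
        print("review before installing:", perm)
```

The manifest inside an .apk file is stored in a binary form, so it has to be decoded to text XML before a check like this can read it.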