“Never before in the history of human kind have people across the world been subjected to extortion on a massive scale as they are today.”
That is the dramatic opening sentence from security vendor Symantec’s new report ‘The evolution of Ransomware’. The extortion Symantec is talking about is that ransomware.
There are two types of ransomware in circulation,” says report co-author Kevin Savage. “The most common type today is crypto ransomware, which aims to encrypt personal data and files. The other, known as locker ransomware, is designed to lock the computer, preventing victims from using it.”
With both kinds of ransomware the perpetrator then demands the victim pay money to unlock the files or the affected device. And with smart watches and other wearable devices proliferating, Symantec says they will increasingly be ransomware targets.
Ransomware is designed for direct revenue generation, explains Savage. The four most prevalent direct revenue-generating risks include misleading apps, fake antivirus scams, locker ransomware, and crypto ransomware.
“Direct revenue-generating malware went through four major pivot points in the past decade. Each pivot point indicates a shift from one type of malware to another, ultimately leading to ransomware.”
The top six countries impacted by all types of ransomware in 2015 are the US, Japan, United Kingdom, Italy, Germany, and Russia, and the average ransom amount is US$300. The favoured payment method for locker ransomware is payment vouchers, and for crypto ransomware it is bitcoins.
“Crypto ransomware is now preferred among cybercriminals,” says Savage. “It accounts for 75% of new ransomware threats discovered in 2015. Cybercriminals behind ransomware are constantly innovating. With more connected devices around, we can expect to see ransomware appear in new device categories where they were never seen before.”
The report singles out wearable technology as a major potential area for ransomware, despite not having seen any examples of ransomware specifically designed to target them.
“The wearables market is gathering momentum. Smartwatches are gaining in popularity and typically retail from around US$100 to several hundred. This year may be considered by many to be the year when the smartwatch finally becomes mainstream, with the arrival of many more Android Wear models as well as the much anticipated Apple Watch.
“With so much growth and hype in this technology, the wearable device market is likely to attract the attention of ransomware creators. When we considered smartwatches in the context of ransomware, we came to the conclusion that there are no particular reasons why ransomware would not work on them.”
The report says Android watches and wearables are particularly vulnerable. “Android Wear is a limited subset of the Android OS. They typically feature a small touch screen that allows a wearer to use touch gestures to interact with the device.
“Android Wear devices also support voice commands which can be activated by saying ‘OK Google’ to the smartwatch followed by a command or question,” says Savage.
“Hardware buttons are not often used or have very limited functionality in these devices. Most functionality is accessed through touch- or voice-activated menus.
“To ensure support for the smartwatch OS, Android Wear was designed to enable existing phone-based apps to work with Android Wear in order to show notifications and alerts without any changes to the existing app’s code. App developers can also write apps specifically for Android Wear or they can extend existing phone apps to take full advantage of extra features enabled by the smartwatch.
“Based on our understanding of how ransomware typically works and how these devices operate, we believe that the most likely form of ransomware to appear for smartwatches is locker ransomware.
“We don’t believe smartwatches will hold much data that is of great value to the wearer, so holding data to ransom on these devices is of little use. A device-locking ransomware could potentially be more successful due to the way many of these devices are designed.
“Given the limited options for interacting with a smartwatch and the lack of hardware interfaces, we believe that these devices may be more susceptible to a locker ransomware attack. At best, locker ransomware attacks on smartwatches may be highly inconvenient, forcing the user to resort to factory resets to recover the device. At worse, the ransomware infection could potentially render the device unusable.”