Microsoft Found a New Dangerous Ransomware: Know Everything About It


Parth Dubey

American multinational tech giant Microsoft has recently discovered a sophisticated piece of mobile Android ransomware that uses novel behavior and techniques. It evades many available protections and registers a very low detection rate against security solutions. This mobile ransomware, called AndroidOS/MalLocker.B, is very dangerous. It is the latest variant of a ransomware family that has been in the wild for some time and has been evolving non-stop.


More About the Ransomware:

Microsoft Defender Research team member Dinesh Venkatesan told me about this in a security blog on Thursday. He says:

“This ransomware family is popular for hosting arbitrary websites. It is circulating everywhere. It pretends to be various popular apps, cracked games, or video players. This threatening ransomware doesn’t actually block access to files. It doesn’t encrypt files like various other Android ransomware. Rather, it displays a screen that appears over every other window and thus blocks access to devices. It makes users incapable of doing anything else.”


Microsoft said, “The screen has a ransom note, including threats and instructions to pay the ransom.”

This new mobile ransomware variant is a crucial discovery because it shows behaviors that have not been seen before. It could open the door for other malware to follow the same path.

“It supports the need for comprehensive defense with a strength of broad visibility inside the attack surfaces. We also need domain experts who track the threat landscape and search for notable threats. It is possible that they might be hiding amidst massive threat data and signals,” Microsoft researchers explained.

Earlier Android ransomware used a special permission called “SYSTEM_ALERT_WINDOW” to display its ransom note. Apps with this permission can create a window that belongs to the system group and cannot be dismissed. No matter what button you press, that window stays on top of all other windows.

“This window was intended to notify for system alerts or errors, but Android threats misused it. It forces the UI controlled by the attacker to fully occupy the screen which blocks access to the device. Ransomware creates this situation to force users to pay the ransom so as to get back the access to the device,” Microsoft explained.
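A defender-side check for the older overlay technique described above, as an added example that is not from Microsoft or the original article: it reads AndroidManifest.xml text and reports which apps request SYSTEM_ALERT_WINDOW. It assumes the manifest has already been decoded from the APK's binary form to plain XML, and the package names and sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
OVERLAY_PERMISSION = "android.permission.SYSTEM_ALERT_WINDOW"
# Both tags can declare a permission; the -sdk-23 form applies on Android 6.0+.
PERMISSION_TAGS = ("uses-permission", "uses-permission-sdk-23")


def requested_permissions(manifest_xml):
    """Return (package, set of permission names) from a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    if root.tag != "manifest":
        raise ValueError("not an AndroidManifest.xml document")
    perms = set()
    for tag in PERMISSION_TAGS:
        for node in root.findall(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return root.get("package", "<unknown>"), perms


def apps_requesting_overlay(manifests):
    """Return the package names whose manifest asks for the overlay permission."""
    flagged = []
    for xml_text in manifests:
        package, perms = requested_permissions(xml_text)
        if OVERLAY_PERMISSION in perms:
            flagged.append(package)
    return sorted(flagged)


# Constructed sample manifests with hypothetical package names.
SAMPLE_PLAYER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.freeplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
</manifest>"""

SAMPLE_NOTES = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for pkg in apps_requesting_overlay([SAMPLE_PLAYER, SAMPLE_NOTES]):
        print(f"{pkg}: requests {OVERLAY_PERMISSION}, review before install")
```

Legitimate apps also request this permission, so a hit is a prompt for review, and a manifest without it says nothing about the newer techniques this variant uses.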

This Android malware evolved to misuse other features, but these aren’t as powerful. Microsoft says that its Defender detects AndroidOS/MalLocker.B as well as other malicious apps and files, using cloud-based protection strengthened by deep learning and heuristics, along with content-based detection.
