Malware researchers are warning about the emergence of a new family of ransomware called ElGato Ransomware. This malware targets Android devices, and it can encrypt the files found on them. According to recent information, it seems that this malware offers open source code that other cyber criminals can exploit to create their own versions of ransomware. At this moment, the ransomware is still in its development stages and has not been used in a widespread attack; however, it might be only a matter of time before Android users get hit. When they do, the ransomware might not only lock the files but also initiate other malicious activities. Continue reading to learn more.
The name of the ElGato Ransomware derives from the image of a cat that might appear when the threat invades the system. “El gato” translates to “cat” from Spanish. Although it is most likely that the main feature of this malware will be to encrypt victims’ files and demand a ransom payment, it was discovered that it also has the potential to lock the screens of the targeted Android devices. At the time of research, ElGato Ransomware did not show ransom notes or any kind of notifications, so it is difficult to say what part the screen lock would play. However, it is most likely that locking the Android screen will be used to coerce victims into paying money. This is the main reason for encrypting files found on Android devices as well, and, according to research, cyber criminals can use the AES (Advanced Encryption Standard) algorithm to encrypt files. At this moment, the ransomware is set to encrypt files using a hardcoded password, and, if this method is not changed, victims might be able to force the ransomware to decrypt files.
The devious ElGato Ransomware establishes a connection to remote C&C servers and regularly checks them for new commands. Notably, these commands are sent without encryption. As we now know, the commands include locking the screen and encrypting files, which might include photos, videos, and documents. The files encrypted by this malware will have the “.enc” file extension added to them. Additionally, ElGato Ransomware can hijack the device to send messages, which could be used to spread malware to other devices. It can also read, delete, or forward SMS messages without the user’s permission or notice. Having SMS messages read is dangerous if they include sensitive information because cyber criminals could use it to their benefit. The worst part is that this malware is controlled using a web-based control panel that is not protected with a password and, therefore, is open for anyone’s use. Unfortunately, it is possible that third parties will exploit this control panel to design different versions of this malware.
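The “.enc” extension described above gives responders a simple triage check, shown here as an added example that is not part of the original article. It assumes the extension is appended to the original file name (for example `photo.jpg.enc`), that the device storage has been copied to a local directory for inspection, and that the signature table covers the file types of interest; the sample files are constructed.

```python
import os
import tempfile

# Assumed signature table (offset, magic bytes) for common media/document types.
SIGNATURES = {
    ".jpg": (0, b"\xff\xd8\xff"), ".jpeg": (0, b"\xff\xd8\xff"),
    ".png": (0, b"\x89PNG\r\n\x1a\n"), ".pdf": (0, b"%PDF-"),
    ".docx": (0, b"PK\x03\x04"), ".mp4": (4, b"ftyp"),
}

def classify(path):
    """Compare a *.enc file's leading bytes with the type its inner extension implies."""
    inner_ext = os.path.splitext(path[:-len(".enc")])[1].lower()
    if inner_ext not in SIGNATURES:
        return "unknown_type"
    offset, magic = SIGNATURES[inner_ext]
    with open(path, "rb") as fh:
        fh.seek(offset)
        head = fh.read(len(magic))
    # A mismatch is consistent with encrypted content; a match means the header is still readable.
    return "header_intact" if head == magic else "header_mismatch"

def triage(root):
    """Map every file under root whose name ends in .enc to its classification."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".enc"):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings[rel] = classify(full)
    return findings

def demo():
    """Run triage over a constructed sample tree (file names and contents are made up)."""
    sample = {
        "DCIM/cat.jpg.enc": b"\x8f\x12\xa0\x5c\x33\x9e\x41\x07",  # no JPEG header
        "Download/report.pdf.enc": b"%PDF-1.4 constructed",       # header still present
        "Download/blob.enc": b"\x00\x01\x02\x03",                 # no inner extension
        "DCIM/untouched.png": b"\x89PNG\r\n\x1a\n",               # not renamed
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in sample.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        return triage(root)

if __name__ == "__main__":
    for rel, verdict in sorted(demo().items()):
        print(f"{verdict:16} {rel}")
```

Files reported as `header_mismatch` are the ones to prioritise for recovery from backup; `header_intact` files carry the extension but still begin with their original format header.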
Android devices are susceptible to all kinds of attacks, and it is crucial to take the necessary security measures to ensure that ransomware, ad-injecting software, or other malicious threats do not slither in. The first recommendation is to install reliable and up-to-date security software that can efficiently protect the vulnerable Android device from malware attacks. It is also very important to install security software updates as soon as they come in. Postponing these updates leaves the device vulnerable and open to malware attacks. Scanning the device regularly is important as well, and canceling automated scans is a bad idea. Finally, the most important thing is to stay cautious when using the Android device, as malware usually slithers in when the user is visiting malicious sites or downloading unreliable apps.