Ransomware is on the rise, and hackers keep finding new ways to make money illegally, using the same old scheme but adding some new details every time. The large-scale outbreak of WannaCry ransomware, followed by Petya ransomware, is already a thing of the past as LeakerLocker makes its way through the Google Play app store.
LeakerLocker is really different from previous ransomware infections, which encrypted files stored on a device and then asked for a ransom to decrypt them. This time the ransomware targets not your files but the most sensitive information you store: your Internet browsing history and your photos. Failing to pay the ransom would result in that information being publicised, but instead of posting it somewhere on the Internet, the cyber criminals decided that it would be much more sinister to send it directly to all of your contacts.
On the bright side, there is the size of the ransom: it is only $50, while a typical ransomware ransom usually starts at several hundred dollars. However, if your computer gets infected with classical ransomware, there is hope that a free decryptor will be developed soon and you will be able to retrieve your files, or you can even restore your files from a backup copy. There is no cure against this kind of ransomware: if your device is infected, you are doomed to pay the ransom or get exposed.
Now pay close attention: at least two apps on the Google Play store are definitely distributing this ransomware, and they are Wallpapers Blur HD and Booster & Cleaner Pro. Both of them have been downloaded several thousand times. It's really difficult to tell that those apps could be distributing malicious software, since they work as typical applications and show no signs of strange activity.
The trick is that the mentioned applications have no malicious code in them, but once installed on a device they download it from the Internet. Once inside the device, it starts to collect all kinds of sensitive information. Immediately after the information is collected, your home screen will be locked and a message will appear on it. The message contains this information:
All personal data from your smartphone has been transferred to our secure cloud.
In less than 72 hours this data will be sent to every person on your telephone and email contacts list. To abort this action you have to pay a modest ransom of $50 (£38).
Please note that there is no way to delete your data from our secure but paying for them. Powering off or even damaging your smartphone won’t affect your data in the cloud.
As you can see, the cyber criminals claim that they are storing the data in the cloud and thus have full control over it. However, it is believed that only some of your data can be stored and kept there, because storing all of it would require too many resources in the long run. As far as we know, LeakerLocker ransomware is capable of recording contacts, the history of the Google Chrome web browser, text messages and calls, and the email address. In addition to that, it can also take a photo with the phone camera.
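Code that an app downloads after installation still runs with the permissions the app itself declares, so the declared permissions can be checked against what the app claims to do. The script below is an added example, not code from LeakerLocker or from any vendor: it reads a permission listing in the style of `aapt dump permissions` output and flags an app that combines Internet access with several of the data types listed above. The permission mapping, the threshold and the sample listing are assumptions made for the example.

```python
import re

# Android permissions that gate the data types named in the article.
# The mapping is an assumption of this example, not taken from the malware.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "text messages",
    "android.permission.READ_CALL_LOG": "call history",
    "android.permission.GET_ACCOUNTS": "account email address",
    "android.permission.CAMERA": "camera",
    # Browser history permission, only available before Android 6.0.
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS": "browser history",
}
INTERNET = "android.permission.INTERNET"
# Accepts both "uses-permission: name='X'" and the older "uses-permission: X".
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)'?")

def parse_permissions(dump):
    """Return the set of permission names declared in the listing."""
    perms = set()
    for line in dump.splitlines():
        m = PERM_RE.match(line.strip())
        if m:
            perms.add(m.group(1))
    return perms

def audit(dump, threshold=3):
    """Flag an app that can reach the network and read >= threshold data types."""
    perms = parse_permissions(dump)
    exposed = sorted(SENSITIVE[p] for p in perms if p in SENSITIVE)
    can_upload = INTERNET in perms
    return {"exposed": exposed, "can_upload": can_upload,
            "flagged": can_upload and len(exposed) >= threshold}

# Constructed sample: a hypothetical wallpaper app asking for far more
# than a wallpaper app needs.
WALLPAPER_DUMP = """\
package: com.example.wallpaper
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.SET_WALLPAPER'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.READ_CALL_LOG'
uses-permission: name='android.permission.CAMERA'
"""

if __name__ == "__main__":
    print(audit(WALLPAPER_DUMP))
```

A flag here is a reason to look closer, not proof of infection: many legitimate apps request some of these permissions for good reasons.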