Mobile Ransomware That Doesn't Ask Victims For Crypto Emerges

Published at: April 28, 2020

A report from cybersecurity firm Check Point describes a new ransomware attack in which cybercriminals pose as the FBI and demand that victims pay their "fine" by credit card.

According to the April 28 report, the malware, known as "Black Rose Lucy," is unusual because its ransom payments do not involve cryptocurrencies such as Bitcoin (BTC) and because it targets users of mobile devices running Android.

Check Point has tracked the malware since its beginnings in September 2018, when it originated in Russia as a "Malware-as-a-Service" (MaaS) botnet. However, it has since taken the form of ransomware, able to make various changes to the device and install malicious applications.

Fake FBI warnings

As usual with ransomware attacks, Lucy encrypts files on the infected device and displays a fake FBI warning, accusing the victim of possessing pornographic content on their device.

The message also states that the details of the targeted user have been uploaded to the FBI Cyber Crime Department's Data Center and lists a series of bogus charges brought against them.

The fine is $500, and it must be paid by credit card rather than in Bitcoin, the payment method ransomware attacks usually demand.

Not a serious threat

Speaking with Cointelegraph, Brett Callow, threat analyst at Emsisoft, said he doesn’t believe that mobile platforms are a target for serious ransomware groups: 

“It’s simply not where the money is at. While an attack on corporate endpoints and servers can bring a company to a standstill and enable the criminals to extort a significant ransom, the same cannot be said for an attack on mobile devices.”

Callow added the following comment on ransomware such as Lucy accepting credit card payments:

“The fact that these low-level sextortion scammers are seemingly transacting via credit card rather than Bitcoin is unusual but not a particularly significant development. I certainly wouldn’t expect to see any of the real ransomware groups adopting the strategy.”

Android users get hacked with fake notifications

The cybersecurity firm says that Lucy uses an "ingenious" method to circumvent Android security, displaying a message asking the user to activate real-time video optimization.

As a next step, the cybercriminals persuade the victim to give the malware permission to use the accessibility function in Android.

Cointelegraph reported on April 21 on a publication from Emsisoft's malware lab, which highlighted a significant drop in the number of successful ransomware attacks on the public sector during Q1 2020, despite the COVID-19 crisis.
