Ransomware Attack Hits Thousands of U.S. Android Users

CRN, By Rob Westervelt

A ransomware campaign tied to a network of malicious porn sites has successfully impacted at least 2,000 Android users in the U.S. and users in 30 countries, attempting to extort a fee to unlock devices.

The attack campaign redirects visitors from a network of porn sites to an attack webpage containing an Android package that must be installed by the user. Once the victim installs the package, the victim's screen is locked by the Koler malware, which displays a phony message from law enforcement demanding up to a $300 fine to unlock the device, according to Kaspersky Lab, which issued a report Monday analyzing the campaign.

The distribution network of malicious porn sites and number of different payloads to target both mobile device owners and PC users demonstrates the growing sophistication and organization behind financially motivated attack campaigns, Kaspersky Lab said. The browser-based ransomware connected to the campaign appears to be tied to a popular exploit kit driven by a distribution network, believed to be based in Russia, Kaspersky Lab said. Read more.