Skip to main content

Woburn, MA – June 29, 2016 –Kaspersky Lab has found that the number of users attacked by ransomware targeting Android-based devices has increased four-fold in just one year, hitting over 136,000 users globally. A report on the ransomware threat landscape, conducted by the company, also found that the majority of attacks (90%) were based on only four groups of malware.


Ransomware is a type of malware that blocks access to information on a victim’s device by locking the screen with a special window or encrypting important files, and then extorts money. It is not only PC users who are in danger of ransomware attacks, but also owners of Android-based devices. Unlike the threats facing PCs, where crypto-ransomware is skyrocketing, Android ransomware is mostly in the form of screen-blockers. This is due to the fact that Android-based devices can’t remove screen lockers with help of external hardware, making mobile screen blockers as effective as PC crypto-ransomware.

Key report findings:

  • The number of users attacked with mobile ransomware increased from 35,413 users in 2014-2015, to 136,532 users in 2015-2016.

  • Only four groups of malware - Small, Fusob, Pletor and Svpeng - were responsible for more than 90 percent of all attacks registered in the period.

  • The United States, Germany, Canada, and the United Kingdom experienced a higher percentage of users attacked with Android ransomware than any other countries.

  • The share of users attacked with ransomware as a proportion of users attacked with any kind of Android malware also increased: from 2.04 percent in 2014-2015, to 4.63 percent in 2015-2016.

Although the actual number of users attacked with ransomware is lower and the rate of growth slower than that seen for PC ransomware, the situation with Android ransomware is of concern. At the start of the comparison period, the monthly number of users who encountered this type of malware on Android devices was almost zero, but by the end it had reached nearly 30,000 attacked users per month. This clearly indicates that criminals are actively exploring alternative opportunities to the PC and show no signs of moving on.

“The extortion model is here to stay. Mobile ransomware emerged as a follow-up to PC ransomware and it is likely that it will be followed-up with malware targeting devices that are very different to a PC or a smartphone,” said Roman Unuchek, mobile security expert at Kaspersky Lab. “These could be connected devices like smart watches, smart TVs, and other smart products including home and in-car entertainment systems. There are a few proof-of-concepts for some of these devices, and the appearance of actual malware targeting smart devices is only a question of time,” he added.

In order to protect yourself from mobile ransomware attacks, Kaspersky Lab advises the following measures:

  • Restrict the installation of apps from sources other than official app stores.

  • Use a reliable security solution capable of detecting malware and malicious web links.

  • If installing apps from non-official sources is unavoidable, keep an eye on what permissions the app is requesting. Don’t install such apps without a security solution in place.

  • Educate yourself and your relatives on the latest forms of malware propagation. This will help you to detect an attempted social-engineering attack.

The report covers a full two-year period which, for reasons of comparison, has been divided into two parts of 12 months each: from April 2014 to March 2015, and April 2015 to March 2016.

Read the full report here:

About Kaspersky Lab

Kaspersky Lab is a global cybersecurity company founded in 1997. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them.

For the latest in-depth information on security threat issues and trends, please visit:

Securelist | Information about Viruses, Hackers and Spam
Follow @Securelist on Twitter

Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter

Media Contact:
Sarah Kitsos

Android Ransomware Drastically Increases in Number of Users Attacked in One Year

The number of users attacked by ransomware targeting Android-based devices has increased four-fold in just one year, hitting over 136,000 users globally
Kaspersky Logo