Dark Web – The median price range for Android ransomware kits hits $200

According to the firm Carbon Black, Android ransomware kits are very popular in the dark web, and the median price range for them hits $200.

According to the firm Carbon Black, Android ransomware kits are very popular in the dark web, more than 5,000 Android ransomware kit listings have been discovered in 2017.

Even if most ransomware kits are still focused on targeting Windows systems, Android ransomware kits are expected to grow in volume and price.

The median price range for Android ransomware kits hits $200, 20 times higher than the $10 median price of Windows ransomware kits.

Researchers at Carbon Black found 1,683 Android ransomware kits out of a total of 5,050, their price ranges from $250 up to $850.

The experts explicitly mentioned the case of the DoubleLocker ransomware for Android that was spotted early this year by security researchers from cybersecurity firm ESET. DoubleLocker is the first-ever ransomware to abuse the Android accessibility feature that implements alternative ways to interact with a mobile device, it was a new malware that not only encrypts the Android mobile devices but also changes PIN lock.

Well, experts at Carbon Black reported a case of a cybercriminal that wanted $854 for the Locker Android ransomware kit.

“We are already seeing an uptick in Android Ransomware kits in underground markets, selling for a much higher price. In our research, we discovered that the median price of ransomware targeting Windows OS is $10, whereas Android-capable ransomware has a median range of $200.” reads a report published by Carbon Black.

Rick McElroy, a Carbon Black security strategist, explained that there is a significant difference between typical iOS users and Android ones. Apple users have a tendency to buy new devices everytime a new model is on the market and update their applications and operating systems on a regular basis.

Android users being remiss in updating their devices, giving much more opportunities to the attackers.

“One of the most surprising things was how many Android devices are out there that have not been updated for two years now, and probably never will,” McElroy says. “Updates are usually simple to conduct, but many users simply don’t do them.”

Crooks choose to target Android users because Android holds the largest OS marketshare worldwide for smartphones, roughly 86% in the first quarter of Q1.

Another factor that influences the median price higher for Android ransomware kits is the level of coding sophistication that is needed to create these tools compared to the efforts necessary to develop similar kits for Windows.

“This speaks a bit to how easy it is to get ransomware onto a Windows system versus other operation systems,” McElroy says. “The longer a developer has to spend to get his ransomware to work effectively at scale the higher the price will be.”

The last catalyst that is driving the median price higher for Android ransomware kits is the spike in the value of Bitcoin. Bitcoin is the currency used for payments of the ransom, “with Bitcoin value increasing so quickly, the expansion of this space will likely be connected closely to the value of BTC.”

“However, as those attacks become tougher, and crypto-currency, such as Bitcoin, gains popularity; we believe ransom-based attacks such as screen-lock and file-encryption will gain popularity going forward.” concludes the report.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Android ransomware kits, Dark Web)

[adrotate banner=”5″]

[adrotate banner=”13″]