On April 25, Andrew Brandt, director of threat research at Blue Coat Systems, published an article about the ransomware “Dogspectus,” which they had come across in their lab environment. You can read the details on Dogspectus here.
Dogspectus is unique in that it requires no end-user interaction to infect the Android device. After infection, all applications are stopped, and the end user is presented with a demand for payment to remove the ransomware from the mobile device.
Based on current research here at VMware AirWatch, we do not believe that this malware actually takes information from the device. It does, however, prevent the device from being used and is a nuisance to the end user. We recommend that enterprises make employee education part of their comprehensive security strategies, which should be regularly reviewed to accommodate today’s trends. That process should include educating employees on how to respond to ransomware.
Removing Dogspectus is rather straightforward: the device must be factory reset. The procedure can differ, however, based on the device manufacturer and version of Android. If you find yourself needing to remove Dogspectus, please look up the factory reset method recommended by your device provider.
As these types of malware continue to transform and become more prevalent, AirWatch recommends you:
- Examine the need to have the most recent operating system versions available on mobile devices, and set appropriate minimum standards for compliance within the organization. Dogspectus is understood to run on Android versions 4.0.3-4.4.
- Educate your employees on the best methods for protecting and backing up their mobile devices and personal information.
- Provide guidance on ransomware for everyone in your organization.
- Encourage employees to report suspicious applications or activity on their devices.
AirWatch is working closely with our great partners in the Mobile Security Alliance to ensure that your mobile enterprise security strategy is as secure as possible in today’s ever-growing end-user computing landscape.