New ransomware puts child pornography on victims' smartphones

Researchers have discovered a scary new form of ransomware scam that targets smartphone owners and uses images of child pornography in an attempt to extort money from them.

Ordinary ransomware scams “only” threaten to destroy or permanently encrypt victims' files unless the victims pay a ransom, usually with Bitcoin,
a pre-paid money card, a wire transfer, or some other untraceable method of payment.
But this new ransomware scam is arguably worse – not only are victims locked out of their phones, but have reason to fear arrest and imprisonment for possession of child pornography as well.

The hacker takes control of the smartphone, loads the illegal photos and then sends the owner an ominous message. “It quotes even United States Criminal Code statutes of what's been violated,” Watkins said.

The hacker's message continues: “This phone has been found to have accessed explicit or pornographic images and we can take care of this for $500.”

The phones' owners cannot delete the images, and they're usually afraid to contact police for fear they'll be arrested for possession of illegal images.
One of the victims said: “How am I going to explain this on my phone and come up with the story of, hey, somebody took over my phone and planted these images?”
In this instance, the unnamed victim was a 12-year-old girl, who told investigators that she was watching a video on YouTube, walked away, and found the message when she returned.
Our researchers contacted various phone companies, none of whom had ever heard of this particular type of ransomware scam before.


Most ransomware scams do not load pornography or anything else onto a phone or computer, choosing instead to destroy or encrypt what's already there.

Affected by ransomware? Here’s what to do:
By following the same protection rules for all malware, including:

1. Make sure your operating system, anti-virus and other security software are all up-to-date.
2. Never click on a link in an unsolicited email, text or other messages.
3. Never download a zip file or any other attachments in emails.
4. Make sure the settings on your phone, tablet or any other Internet-connected device are set so that nothing can be downloaded without your permission.
5. When getting messages allegedly from some company or service provider, remember the anti-scam rule “Don't call me; I'll call you” – and don't do business with anyone who breaks it.

In addition to these anti-malware rules, you should also remember to make regular backup copies of your data and files, just in case some nasty malware (or an ordinary bad-luck hard-drive crash) damages what's on your computer.

And if you have the misfortune to receive a ransomware message, do not pay the ransom or contact the hacker in any way; contact the police instead.

Tags: Malware Ransomware Phishing