Lucy’s Back: Ransomware Goes Mobile

Check Point Research

Ohad Mana, Aviran Hazum, Bogdan Melnykov, Liav Kuperman

Ransomware attacks have been a part of the security landscape for a long time. We are familiar with infamous malware such as CryptoLocker, WannaCry and Ryuk, all of which have caused enormous damage to organizations and private assets globally. And while ransomware has just started to take its first steps in the mobile world, it’s evolving fast as malware developers and attackers apply the experience they have gained to create disruptive mobile ransomware attacks.

An example is the ‘Black Rose Lucy’ malware family, originally discovered in September 2018 by Check Point. Lucy is a Malware-as-a-Service (MaaS) botnet and dropper for Android devices. And now, nearly two years later, it is back with new ransomware capabilities that allow it to take control of victims’ devices to make various changes and install new malicious applications.

When downloaded, Lucy now encrypts files on the infected device and displays, in the browser window, a ransom note that claims to be an official message from the US FBI, accusing the victim of...

