Tuesday, 3 January 2017

LG Smart TV infected by Frantic Locker Ransomware !!

For several years, ransomware for Android phones has already been the hot topic and it was only a matter of time until such malicious programs could start affecting smart TVs, especially those that run Android.

On Dec. 25, Kansas-based software developer Darren Cauthon, reported that his wife accidentally infected his Android-based TV with ransomware on downloading a movie-watching app. Majority of the ransomware apps on Android are screen lockers which work by displaying the messages on the phone's screen and disallowing users from performing any actions until they pay some fee as ransom.

The ransom message that Cauthon received was something like below :

DEPARTMENT OF JUSTICE

FEDERAL BUREAU OF INVESTIGATION
FBI HEADQUARTERS
WASHINGTON DC DEPARTMENT, USA

AS A RESULT OF FULL SCANNING OF YOUR DEVICE, SOME SUSPICIOUS FILES HAVE BEEN FOUND AND YOUR ATTENDANCE OF THE FORBIDDEN PORNOGRAPHIC SITES HAS BEEN FIXED. FOR THIS REASON YOUR DEVICE HAS BEEN LOCKED.

INFORMATION ON YOUR LOCATION AND SNAPSHOTS CONTAINING YOUR FACE HAVE BEEN UPLOADED ON THE FBI CYBER CRIME DEPARTMENT'S DATACENTER.

Cauthon tried to fix the issue by rebooting the TV. Instead it booted to a ransomware with this above message. It demanded a ransom of $500 so he through of connecting to the LG support team to help him restore by performing a factory reset. On connecting, the LG technician replied that they could not disclose the instructions to customers and recommended him to come over and take a look for a fee of around $340.


Later on, the solution was provided to perform a factory reset of the LG TV :
"With the TV powered off, place one finger on the settings symbol then another finger on the channel down symbol. Remove finger from settings, then from channel down, and navigate using volume keys to the wipe data/ factory reset option."

This allows the TV to boot in recovery mode. This allows wiping the data partition, which deletes all user settings, apps and data and is the equivalent of a factory reset.

The ransomware app infected was only a screen locker and did not encrypt files. Smart TVs have USB ports and allow connecting external hard disk drives in order to watch personal videos or photo collections. So, this introduces a risk of getting the entire data to be encrypted and it could be a big risk especially if they're not backed up.

No comments: