One example of the Fusob variant. Image Source: Kaspersky

Fusob is a one of the most prevalent forms of mobile ransomware. According to Kaspersky, Fusob represents over 56 percent of mobile ransomware activity between 2015 and 2016. US users make up approximately 11.4 percent of all Fusob victims. For US victims, the ransomware will display a screen with a statement claiming to be from NSA demanding a ransom for illegal actions taken and a criminal case will be opened if the fine is not paid. Fusob typically demands between $100-200 in payment, and will even accept iTunes gift cards as payment. Notably, Fusob will not execute if the language of the user is detected as one of the post-Soviet republic languages.


  • June 2016: Fusob and Small ransomware families are increasingly prevalent. (Kaspersky)
  • February 2016: A review of Fusob activity in 2015. (SecureList)

Technical Details:

  • Securelist provides technical details on the Fusob mobile ransomware, available here.