What you need to know about mobile ransomware
If you’ve been following the news lately, you know the dangers of ransomware on business computers. There’s an emerging threat as well: mobile ransomware. Here’s how it works:
Your mobile phone screen freezes, then goes black. Up pops a message saying “Your phone is locked. We have downloaded all your data. We will begin to sell your personal information on the black market every 30 minutes until you pay $100 to unlock it.”
From the cyberhacker’s mind, that’s the beauty of mobile ransomware. You’re willing to pay – it’s just $100 – and you can’t live without your phone. Nor do you want your personal data to be compromised any further. (And who’s to say they won’t sell it anyway, even if you pay?) So cyber criminals reap the benefits that quickly add up, as they hack more and more mobile devices. By the way – it’s not just smart phones that are targeted: it’s also tablets, smart TVs and potentially any other device with Internet connections. That’s why we’re providing these tips on mobile ransomware prevention.
Related: How to guard against an insurance data breach and keep your cyberspace secure
A type of computer malware, ransomware restricts access to files on an infected device or network. Once a user inadvertently downloads a Trojan virus disguised as a legitimate app or file, or clicks on a bogus ad that redirects them to a rogue website, the device is completely vulnerable. The rogue website then exploits unsecure browser plugins to download the ransomware. When activated, the ransomware encrypts files on the system´s hard drive – locking them from the owner.
You – the owner – must then pay a ransom in order to decrypt the files. Once payment is received (it may be payment via bitcoin, an iTunes gift card, or other gift card you must purchase), the hacker releases the encryption key. This allows you to recover access to the files on the infected device or network. Because the ransom demands are for relatively small amounts in relation to the cost of replacing the inaccessible data, most victims pay up and do not report the crime. Consequently, it’s not known how many people and organizations have been victims of mobile ransomware attacks.
Mobile malware threats are growing
A few years ago, Consumer Reports relayed the news of a bogus app downloaded from Google Play (Google’s app store for Android phones). The article interviewed Daniel Padon of Check Point, a California cybersecurity company, who said, “The main issue here is the fact that such a severe threat managed to penetrate Google security and enter Google Play.” He said this malware was especially sophisticated, using a number of innovative evasion tactics to avoid detection. Some of the malware is uploaded to victims’ Google accounts, so even when they tried protecting themselves by restoring the phone to its factory settings, whenever they accessed any files they had previously stored in the cloud – the phone was re-infected.
Related: Cyber protection: How to guard your company against attacks and data breaches, part 2
Mobile ransomware prevention: How can you protect yourself?
Mobile ransomware prevention uses the same tactics you already use to protect your computers: The FBI recommends enabling pop-up blockers, using antivirus and firewall software from reputable companies and always backing up data. Remind employees includes never to click on links in any texts or emails, or download attachments they do not recognize and to avoid suspicious websites altogether.
Cybersecurity experts add these tips:
- Keep your device updated with both the latest operating system and the newest versions of mobile apps, in which known vulnerabilities have been fixed.
- If you’re an Android user, only download apps from Google Play. Yes, this one malware slipped through their defenses, but the app store remains much more trustworthy than other third-party sites.
- Install a security program that scans app purchases before downloading, to check for suspicious activity.
- Regular back-up is crucial. “If you ever thought that one day you finally would download and install that strange boring back-up software, today is the day,” said a Kaspersky official in an Insurance Thought Leadership article. “The sooner back-up becomes yet another rule in your day-to-day PC activity, the sooner you will become invulnerable to any kind of ransomware.”
- Before you download a file from the Internet, notice its extension (.mov, .pdf, .gif, etc.). If it’s supposed to be a PowerPoint file, but has an .exe extension rather than .ppt, it’s definitely malware.
- Update your software as soon as you’re notified. On your PC, most widely used programs (Flash, Java, Chrome, Firefox, Internet Explorer, Microsoft Windows and Office) have an automatic update feature. Keep it turned on, and don’t ignore requests from these applications for the installation of updates.
- If you’re really concerned about vulnerability, it’s best to use an iPhone. Apple can quickly push security updates to all cell phones, but Google doesn’t have that control over Androids, rendering them more susceptible to attack (the exception is Google’s own Nexus and Pixel phones).
More protection tips
Some experts say mobile ransomware isn’t yet as dangerous as the desktop version; it’s more likely to lock your screen than encrypt your files. “Simply resetting your device could set you free. If your files are encrypted, and if you regularly back up your device to the cloud or a separate device, you can most likely just wipe your entire device (thus removing the ransomware) and simply re-upload all of your apps and storage from the backup,” explained Kevin Haley of Symantec in a blogpost on SHI.com, adding that regular backups of your phone and other mobile devices should be part of a consistent mobile ransomware prevention routine.
“Just as with desktop ransomware, don’t pay the ransom on mobile ransomware,” he added.” It won’t necessarily make the ransomware go away, and it only incentivizes hackers to infect you again – if you paid once, you’re likely to pay again.”
This article originally appeared on Arrowhead’s corporate blogpost. It is used with permission and has been updated and modified to better fit the needs of NCC’s self-insured and other insurance clients.