Mobile ransomware: How to defend against attacks on your phone
With attacks like Petya and WannaCry locking up devices across the globe, it’s hard not to pay attention to ransomware. Still, one major area of this growing threat is often ignored.
Mobile ransomware is the fourth or fifth most common type of mobile malware. Just like desktop ransomware, these attacks can lock your screen, encrypt your files, and even force you to buy a new phone.
Nowadays, smartphones hold more personal, private, and even corporate information than any of your other devices, so it’s important to be mindful of the threats that could harm them, including mobile ransomware. Here’s how to keep your, and your employees’, most valuable devices safe.
What is mobile ransomware?
Mobile ransomware, like its desktop counterpart, is a type of malware that renders your device useless unless you pay a fee to the group or person that created the malicious code. The difference for mobile ransomware is its targets. Rather than going for your computer, mobile ransomware comes after your phone and tablet.
When ransomware first began hitting computers, it would often appear as a notice from the FBI or a division of the police, locking your computer for illegal download of files or other crimes. Instead of going to the police, you could simply pay a fine right from your computer, and unlock your screen. Of course, these messages weren’t really from law enforcement, but the ruse was convincing enough that victims paid up.
Mobile ransomware has been following in the footsteps of its older brother, using lock screens claiming to be from the police or FBI, demanding a “fine.” Just like with desktop ransomware, newer versions have begun to surface, moving away from locking the screen to encrypting files found on SD cards. In both cases, the device becomes impossible to use until you either remove the ransomware from your system, or unlock it by paying the ransom.
Technically speaking, any mobile device could be infected with ransomware. Tablets, Smart TVs, other internet-connected devices, and even cars could at some point fall prey to ransomware. Phones have historically been the target, as they’re the device users are most willing to pay to get back. Android devices in particular have been vulnerable, but anything with an operating system could be at risk.
How to prevent mobile ransomware infections
When it comes to ransomware prevention on mobile devices, it’s important to understand how it gets onto these devices.
Unlike regular ransomware, where a bad link or attachment is often spiked with the ransomware bug, the malicious codes for mobile devices are often hidden within apps. For some, the app itself is the ransomware. For others, it’s wrapped inside the code of a legitimate app. To avoid downloading mobile ransomware through apps, there are three important steps you can take:
- Stick to Google Play and the App Store. Buy your apps from a legitimate app store—like the Google Play Store or Apple’s App Store—rather than a third-party market. For employers, this might mean implementing MDM controls that limit where users can purchase apps. This type of control is more important with Android devices, since you can get apps from a variety of places.
- Pay attention to permissions. If you download an app that’s supposed to be a single-player racing game, and it asks you for access to your contacts, it’s possible that something suspicious is going on. This game should have no reason to go into your contact list, unless it intends to send spam and spread its ransomware further. Training yourself or your employees to recognize invasive permissions requests can save you from spreading malware throughout your company.
- Install security. Your mobile security should be just as important as your desktop security, especially when it comes to company-issued devices. For the best protection, implement a security program that scans app purchases before downloading, rather than after, to check for any suspicious activity. Once it’s on the device, it could be too late.
How to remove mobile ransomware
Mobile ransomware isn’t yet as dangerous as the desktop version. The mobile breed is more likely to lock your screen than encrypt your files, and simply resetting your device could set you free. If your files are encrypted, and if you regularly back up your device to the cloud or a separate device, you can most likely just wipe your entire device (thus removing the ransomware) and simply re-upload all of your apps and storage from the backup. However, this means that regular backups of your phone and other mobile devices should be part of your routine.
Just as with desktop ransomware, don’t pay the ransom on mobile ransomware. It won’t necessarily make the ransomware go away, and it only incentivizes hackers to infect you again – if you paid once, you’re likely to pay again.
Fighting mobile ransomware
While mobile ransomware isn’t as prevalent as its desktop counterpart, it remains a threat to your devices and your business. Don’t wait until a large-scale ransomware attack on mobile devices to prepare yourself. Getting ahead of the game is the best way to prevent a devastating attack on your devices.
About the author
Kevin Haley is Director of Product Management for Symantec Security Response where he is responsible for ensuring the security content gathered from Symantec’s Global Intelligence Network is actionable for its customers. This includes educating customers on security issues and incorporating the security content into Symantec’s enterprise and consumer product lines. The valuable security data provides the basis for protecting customers against complex Internet threats and other security risks.