Ransomware Has Gone Mobile
Smartphones have managed to hold out against ransomware a bit longer than other hardware and operating systems, but those days are coming to an end. It’s important to remember that the average smartphone is not protected with antivirus software and thus remains threatened by your standard ransomware attacks. It is absolutely critical that your business doubles down on its protection against ransomware, especially in the mobile market.
Defining Mobile Ransomware
Ransomware is defined as a malware that gives a hacker the ability to control a computer or network and hold it for a ransom. Users lose access to the controls and data that allows the system to function, and the only reprieve in most cases is to restore a backup of said data. Users have to decide whether they want to lose access to that data, restore the data from a backup, or pay the ransom in hopes that the hacker will honor their word and restore access.
Think about the number of smartphones which exist in the world today and the fact that most computing these days happens from mobile devices. With so much data to steal and devices to tap, it makes total sense for hackers to focus their efforts on mobile devices.
Phishing Plays an Important Part in Ransomware Infections
When it comes to malware dissemination, phishing attacks are hackers’ go-to methods of infection. When you think about how easy it is to slip up and click on the wrong link, you’ll realize that phishing is a very real threat to your organization and your data. Phishing can come in many different forms, too, adding to the stress. Will the hacker call you on the phone, send you an email, text you a link, contact you through social media, or even send you a physical mailer? It can be quite overwhelming.
How Does Mobile Ransomware Work?
Most mobile platforms remain remarkably secure even against the potent threat that is ransomware. Most scams resort to targeting the device’s cloud storage, locking it down, and demanding a ransom in the process. One particular iPhone scam uses the Find My Phone feature that allows the user to remotely lock the device. Scammers only wanted $100 to unlock the device, and with such a low asking price, people are of course going to pay up rather than go through the hassle of involving the authorities or other professionals. Hackers who gain access to an iOS account can even use the information to create new iCloud accounts and move all data into these new accounts until the ransom is paid.
Threats which target Android are similarly problematic, and they all start with phishing. The most dangerous one was called ScarePackage that targeted 900,000 Android smartphones over the course of 30 days. It was deployed through a fake app that could lock down the device and threaten that the FBI was the one responsible for doing so with the only solution being to pay a ransom. The FBI isn’t in the business of extortion, so this is a simple case of coercion and fear manipulation by hackers.
How You Can Protect Your Devices
Let’s examine some things you need to know about mobile phishing schemes.
- The first warning sign is that the message will make you do a double-take. Phishing scams can come through a variety of mediums, including email, telephone, social media, and so on, be it for work or personal use. Mobile phishing messages can come through text messages asking you to click on links. These messages will seem random and out of place, so that is the first hint that something is out of the ordinary here.
- Look for spelling and grammar errors. Professional correspondence has a certain look and sound to it, like the sender has taken some time to proofread and edit it. If you receive sloppy messages from strange senders, be wary of the message.
- The messages might seem a bit aggressive. It’s one thing for a message to come off as frustrated, but another entirely when the person on the other end of the message demands immediate action. This is often a telltale sign of phishing messages; they urge people to make fast, irrational decisions through fear tactics and threats.
Indevtech knows how to combat the countless types of cyberthreats out there, phishing and ransomware included. We can use our knowledge to implement high-quality technology tools and to educate your team on how to make the best decisions possible with their technology. To learn more about what we can do for your business, call us today at (808) 529-4605.