For years now, cybersecurity experts have reiterated that it was only a matter of time before smartphones would become a target for major cyberattacks like ransomware. The fact is that most people use smartphones, and most of these devices aren’t really protected with active antivirus software. It stands to reason that ransomware is developing into a major trend in mobile cybercrime. Since ransomware is the grand-daddy of threats, keeping it off your systems is essential.
What is Mobile Ransomware?
Ransomware, as we know it today, is basically when a hacker is able to gain control over a computer or network and effectively hold it for ransom. Users lose access to the controls or data on the infected system, and if their system isn’t backed up, they have a tough decision to make: give up the data forever, restore from a backup, or pay the ransom and hope to get the files back.
There are literally billions of smartphones in service in the world, and most of the world’s computing takes place on mobile devices. That’s a lot of data to steal. People’s most private conversations happen on their smartphones and business data is shared freely, which makes them the perfect pond for hackers to phish from.
And that’s precisely what they do.
Phishing’s Role in Ransomware Deployment
Phishing is the number one delivery method of malware, as it is the go-to hacking strategy for millions of scammers worldwide. Engaging with a mobile phishing attack is much easier than you think. All it takes is a couple of wrong moves strung together and you can be phished. Phishing can come through any form of communication: phone call, email, text message, social media, and even the postal service.
How Mobile Ransomware Works
Fortunately, and with the help of some of the best security coders in the world, most mobile platforms remain impressively secure. In terms of the mobile ransomware that is out there, most are just scams in which hackers gain access to your device’s cloud storage, lock it down, and then message you demanding payment. One iPhone scam that was carried out gained access to Apple’s Find My Phone feature, which allows users to remotely lock the device. The scammers wanted a pittance of $100 to unlock the device, resulting in many people paying them off. Hackers that gain access to an iOS account can create new iCloud accounts and move all data into them until a ransom is paid.
On Android, there are more traditional methods. All of them start with phishing. The biggest one by far was ScarePackage, which hit 900,000 Android smartphones in 30 days. It was deployed through a fake app and would immediately lock the device with a message claiming that the FBI had locked down the device and that the only way to get it back was to pay. Obviously, the FBI isn’t extorting people, so these hackers used traditional methods such as promoting action through fear, and did it at an alarming rate.
How to Defend from Mobile Phishing
Let’s take a look at a few things you need to know about mobile phishing:
- The message you get will confuse you – Phishing messages on a mobile device can come in many different forms. That’s the beauty of these devices: they can be your telephone, your work phone, your email and work email, your social media and collaboration tools, and any other platform you use to communicate with people. Most mobile phishing messages that could carry ransomware or other dangerous threats will come through text messages or messaging apps asking you to click on a link in the message. These can sometimes be from people in your contacts, so be careful not to click on any mysterious links from people you don’t intimately trust.
- English may not be their strong suit – For the English-speaking public, bad grammar is a way of life nowadays, but typically professional correspondence will be written professionally, proofread, and edited. If you are receiving carelessly worded messages from people you don’t typically get messages from, you have to be skeptical that it is anything other than a scam.
- The tone of the messages is aggressive – If you work in any business, you’ve probably received messages from frustrated parties. Whether they are customers complaining about something, coworkers trying to beat a deadline, or managers exasperated about a decision that was made without their approval, people know when someone is demanding action. Almost every phishing message will demand some type of action, and they often do it with coercion through fear.
At SRS Networks, one of the responsibilities we’ve taken on is that of training consultant. Every organization has to give its staff the knowledge and tools needed to keep these phishing threats from having a negative effect on its ability to operate effectively. Cybersecurity is extremely important nowadays, and if you want to have a conversation about how to improve your security training platform, give us a call at (831) 758-3636.