The risk of mobile devices as attack vectors for ransomware

Mobile ransomware is malware used by cybercriminals to attack mobile devices. Such an attack is intended to steal sensitive data from a smartphone or to lock the device, with a ransom demanded to return the data or unlock the device.

Sometimes, users are tricked into downloading mobile ransomware through scams, fake social media links and attachments to make them believe they are downloading valuable content or harmless software.

The amount of damage a ransomware attack against a network can cause is well known. We've seen the stories about hospitals, universities and governments going offline and threats to organizational and consumer information.

However, the focus of ransomware remains almost exclusively on network attacks. The time has come to look at protecting mobile devices against ransomware. This is not the next attack vector for ransomware gangs; it is one they are already using, though few are paying attention to it.

Mobile malware affects everyone

Nearly all organizations encountered some mobile malware threat in 2020, according to Check Point's Mobile Security Report 2021. The report also notes that four in 10 mobile devices are vulnerable to cyber attacks and that nearly half of those cases involved an employee downloading a malicious app.

Cybercriminals continue to evolve and adapt their techniques to exploit the growing reliance on mobile devices. And more complex threats are on the horizon.

Cybersecurity professionals have known that threat actors would target mobile devices ever since BYOD (bring your own device) became a buzzword. They also knew that ransomware would evolve over time, following users from their desktops and connected networks to mobile devices.

Security teams have been fighting the battle of mobile ransomware on Android and Apple devices for nearly a decade.

Ransomware, as of 2013, was targeted exclusively at individuals; that proved lucrative enough. Then the focus shifted almost exclusively to organizations, and then large ransom payments came into play.

Given that so much of our digital lives take place on our cell phones, mobile ransomware represents a way to extract money.

Consequences of mobile cyber-attacks

The impact of cyberattacks on mobile devices can be enormous.

  • Compromised data: Critical business information and confidential information is lost
  • Identity theft: Cybercriminals impersonate the user and gain access to business data
  • Loss of reputation: Loss of customer trust and, as a result, diminished brand reputation

More sophisticated attacks to come

Ransomware is all about money, as the motivation of the attackers is usually financial; the consequences, in turn, are that individual devices are compromised and victims must pay the requested ransom if they do not want to lose access to their device's file system.

In the early days of mobile ransomware, threat actors didn't even have to encrypt anything; pretending to encrypt the device's file system was enough to reap the rewards. Mobile device users were so surprised to receive the ransomware warning that they often paid up without a second thought. Those days are over, but not because users have become wiser about checking whether their data was, in fact, locked.

Instead, (and not surprisingly) attacks have become much more sophisticated. We are seeing an increase in the prevalence and sophistication of these attacks, likely in response to the success of other non-mobile ransomware attacks in recent years. It is possible that a threat actor may attempt to gain access to corporate data, assets or infrastructure through such an attack in the future, rather than simply trying to extort money from an unsuspecting user.

Targeted mobile ransomware victims have tended to be the average user; essentially anyone the attacker can convince to install their application. This differs from network-targeted ransomware attacks, which tend to be larger in scale and cause more collateral damage to organizations and many individuals.

In today's mobile ransomware landscape threat actors seem to be purely interested in making money from unsuspecting victims, either by blocking access to necessary files on the device and demanding payment for their recovery or by pretending to deny access to those files.

Mobile ransomware, like all types of ransomware and cyber attacks, will only become more sophisticated. Attackers and ransomware gangs know that the line between online and mobile is blurring, and mobile devices are likely to have as much access to organizational data as they do to personal data.

How to protect against mobile ransomware

Let's look at some ways to protect mobile devices against ransomware.

The best way for mobile device users to mitigate the threat of mobile ransomware attacks is to be aware of the types of applications they are installing on their devices:

  • Do not download anything from unverified application stores.
  • Do not download applications shared on social networks.
  • Consider installing a mobile antivirus that can help detect known ransomware families (and other malware) if downloaded or installed on a device.

Organizations and their cybersecurity teams can help prevent these types of attacks by educating their users about device compromise and considering an enterprise-wide mobile security strategy for any employee whose devices connect to the corporate infrastructure.

Any individual's device that grants a threat actor access to a larger network or corporate assets is at risk, meaning that nearly every mobile device could be the vector for an organization's ransomware attack.

Summary

Once the malware enters a device, it will trigger a fake message pop-up window accusing the user of illegal activity before encrypting the files and locking the phone. The ransom payment demand is via Bitcoin. Upon receipt of the ransom, a decryption code is sent for data recovery.

Therefore, organizations and their cybersecurity teams must step up their security strategy and solutions to prevent these cyberattacks.

One effective way is to educate users about device compromise and the various ransomware attacks.

In addition, it is recommended to implement an enterprise-wide mobile security strategy for every employee whose devices connect to the corporate infrastructure.
