How Ransomware Went Mobile
Mobile ransomware is replicating the success that PC-based ransomware has had in extorting money from individuals and organizations, so it’s no surprise that the number of mobile ransomware variants detected in Q1 2016 grew 45% compared with Q4 2015.
Mobile ransomware has become more complex and malicious in the way it works, frequently imitating attack behaviors and trends that were first trialed and proven to work on PCs. From screen-blockers and malware posing as anti-virus to cryptolocker-style and PIN-locking malware, mobile ransomware can cost your organization thousands of dollars.
What Devices Are Vulnerable To Ransomware?
Mobile ransomware currently targets Android devices almost exclusively, as iOS devices need to be jailbroken in order to download apps from outside Apple’s App Store. iOS isn’t completely in the clear, however: with the recent discovery of KeRanger, the first ransomware targeting Apple Macs, expect to see ransomware targeting iOS devices soon.
Mobile ransomware currently focuses on locking users out of the device, because mobile operating systems do not allow malware to access all of the device’s memory or storage. However, all it takes is for a hacker to trick the user into granting admin privileges, for example through an infected media player, and they then effectively have complete control of the device. Ransomware is particularly nasty because it holds your devices hostage and allows hackers to extort money directly from victims. It can also be very difficult to remove the malware, because the device is locked and therefore inaccessible to users. We have seen a dangerous rise of ransomware in the beginning of 2016, especially in the healthcare industry, and with more and more mobile devices in use, organizations must be secured.
Preventing Mobile Ransomware
The safest way to avoid mobile ransomware is to avoid jailbreaking the device, and in particular to deny malicious apps or attachments the opportunity to gain unauthorized privileges on the device. For enterprises, this can be very tough to enforce with so many devices being used by employees. Enterprises with an MDM solution are able to identify when a phone has been deliberately rooted by a user, but not when it has been rooted by malware, and some more advanced malware can disguise itself against such inspection. A more effective approach is to add mobile threat defense, which continuously detects and prevents malware from gaining unauthorized access to the device.
Better provides an on-device agent that does not rely on an internet or MDM connection to run. This agent continuously analyzes the entire device to uncover system vulnerabilities (malware, OS exploits) and unusual behavior (jailbreaking). Should an attack be detected, it automatically remediates the issue, taking local action to remove the threat instantly and reliably. Your employee will be unable to ignore the threat or access sensitive work information until the threat is gone and the device is safe.
Once a device is infected by ransomware, it’s already too late. Through Mobile Threat Defense, you can put your company and employees ahead of a potential attack. A ransomware attack starts with a bad actor gaining root privileges on the device. Our agent acts as a shield that prevents the bad actor from performing its intended malicious function. When it comes to mobile ransomware, prevention is by far the best protection.