Mobile Ransomware: The Next Step for Cybercriminals     

Targeting smartphones started to be increasingly appealing to cybercriminals as these devices become more and more important in users’ lives.

In 2021, 6.3 billion people owned a smartphone worldwide, according to Statista.com and it is expected that many of them nowadays use their smartphones also for remote work, online shopping, and banking. This leads to important data being stored on mobile devices or being accessible to a hacker if such a device is infected.

From these facts to ransomware created especially for your mobile devices, it was just a step. And what mobile ransomware may lack in terms of the amount of money demanded as ransom, it makes up when it comes to how wide such malware can spread – infecting thousands of people even for a few hundred dollars ransom.

In this article, you will find out how mobile ransomware works and spreads, and how can you protect your device.

What Is Mobile Ransomware

This type of malware essentially blocks access to your smartphone by locking your device’s screen or encrypting your data preventing you to use files and features. Access can be granted again after a ransom is paid.

The main goal of ransomware creators is to take as much money as possible from one attack and to achieve this they may leak data on the Dark Web, steal your contacts for further attacks, and so on.

Ransomware attacks made the decisive shift from your PC to your phone in 2014 with the Cryptolocker campaign that affected mobile devices on a large scale.

At the pick of this campaign our company was identifying up to 8,000 new Cryptolocker infections every day, but the numbers had dropped to almost zero following the global law enforcement effort.

Based on preliminary data, Heimdal reported that the operation against Cryptolocker was successful. The FBI has applauded our company for its technical support in locating the infection.

What Damage Mobile Ransomware Can Do

After infiltrating your phone, the malware will display a note to demand ransom to restore the functions and data on the device.

And even if losing your money is the prime consequence of a ransomware attack, you, as a user, and your mobile device can be affected in an additional number of ways:

Stealing data: once the threat actor has access to your list of contacts, he can also see names, addresses, phone numbers, and other information that can be used to send malware to other users or can be sold on the Dark Web.

Banking details and credentials: many times the main reason for a ransomware campaign is stealing users’ banking details and private information via mobile apps.

Data lost: after an attack, you may need to reset your device, in which case you can lose all your data from that phone if you don’t have a backup.

Abusing the functions of your phone: the malware can override certain functionalities of your phone making it impossible to use.

Changing the PIN code: some ransomware can reset your phone’s PIN code so you will not be able to open it.

Encrypting data: to make you pay a ransom the cybercriminal can encrypt the data on your phone and demand money in return for the decryption key.

How Mobile Ransomware Spreads

Ransomware can infect your phone effortlessly, only by a click on the wrong link or downloading a fake app.

Here are the most common ways mobile ransomware spreads:

• Fake apps: A user can be tricked to download malware instead of the legitime application by copy-cats websites that mimic the real website interface. The purpose of these illegitimate apps is to deploy malicious code into your device.
• Smishing: You can receive a text message with a malicious link that once clicked will infect your mobile device. The name of this method of spreading malware combines the words SMS and phishing.
• Infected websites: Sometimes visiting a compromised website is enough to get infected. And don’t think that keeping your searches on the most well-known sites will keep you safe, even the most popular sites have a history of malware problems.

How Can You Protect your Devices from Mobile Ransomware

Protecting your device against an attack is better than dealing with one when we talk about ransomware.

Here are a few measures that you can take to shelter your phone and your data, but remember that they work together and the best strategy is to implement as many of them as possible.

• Stay well informed: being up to date in the field of technology means knowing the latest malware evolution so you can get the right protection. Cybercriminals are always implementing new ways to get to their victims, so your cybersecurity practices have to keep up too.
• Back up your data: frequently backing up your data and keeping it on a cloud unconnected to the network can help you restore important information in case of an attack.
• Update everything: installing all your security patches and keeping all your apps and systems up to date can help you avoid threats like drive-by malware that can hide on popular websites.
• No fake applications: buy your apps only on legitimate app stores like Apple App Store (Apple devices) or Google Play Store (Android devices) and avoid shopping in third-party stores.
• Install a mobile security solution: if available, such a tool can alert and help you if your device has been infected.
•  Don’t click on it: avoid attachments of links in your emails or messages that raise any kind of suspicion.
• Keep administrator rights to yourself: don’t grant administrator privileges to another person or an application.

How to Deal with Mobile Ransomware

When your phone gets hit by a ransomware attack, paying the hacker off seems to be the first step to regaining access to your device and data. While paying a ransom does not guarantee that you will have your device unlocked, this will encourage cybercriminals to continue their illegal activities.

There are a few things you can do in case of mobile ransomware:

• You can boot your device into safe mode so then malicious apps can be uninstalled using the mobile device’s uninstall functionality.
• If the malware roots from your mobile device’s web browser and not from a malicious app it can help to back out of the threatening website.

Ransomware on Android Devices and iPhones

Both Android system devices and iPhones can be infected with mobile ransomware. Here are a few examples of the most successful malware campaigns.

• Cryptolocker: has infected both Apple and Android phones after evolving from PC malware.
• Doublelocker: has infected Android devices through a fake app. After installation, the malware changes the PIN of the phone and encrypts its main storage files.
• Worm.Koler: has infected Android devices mainly in the U.S. but in other 30 countries also. It spreads via SMS and once a device is infected the malware is automatically sent to all the contacts.
• ScarePackage: this ransomware attack had over 900,000 victims in only 30 days in late August 2014. Android users affected by this malware believed to download anti-virus software, but it actually was malicious code that locked their phones.
• Android.Locker.38.origin: spreading by social engineering, this malware locks your phone twice. Disguised as an update, once installed it asks for admin rights. The second lock is activated if the user tries to remove the malware.
• SimpLocker: targets Android users and spreads through unofficial download sites pretending to be “Flash Player” app. Victims are asked for a ransom between 200 and 500 dollars to regain access to their data.
• LockerPin: changing your PIN code, this malware leaves you with a locked mobile screen, demanding a $500 ransom to unlock it. But not even paying will give you back access, the PIN being changed automatically, in fact, the hacker does not know the combination. LockerPin spreads through an adults-only app.

How Can Heimdal® Help?

Heimdal® offers you a solution to keep all your device safe with Heimdal Threat Prevention.

It takes care of all the layers of protection by helping you to bypass threats, detect any anomalies, and block malware in your endpoints.

Our solution features the Darklayer GUARD™ filter, the world’s most advanced Endpoint DNS threat hunting tool, that works in tandem with VectorN Detection™ smart traffic pattern algorithms engine.

With AI-fueled technology, this solution will keep you always prepared by predicting what tomorrow’s threats will look like.

In terms of ransomware, installing a good anti-ransomware solution could save you a lot of time and money.

Heimdal® is offering its customers an integrated cybersecurity suite including the Ransomware Encryption Protection module, that is universally compatible with any antivirus solution, and is 100% signature-free, ensuring superior detection and remediation of any type of ransomware, whether fileless or file-based (including the most recent ones like LockFile).

Neutralize ransomware before it can hit.

Heimdal™ Ransomware Encryption Protection

Specifically engineered to counter the number one security risk to any business – ransomware.

• Blocks any unauthorized encryption attempts;
• Detects ransomware regardless of signature;
• Universal compatibility with any cybersecurity solution;
• Full audit trail with stunning graphics;

Try it for FREE today 30-day Free Trial. Offer valid only for companies.

Wrapping Up…

Protecting your mobile devices is as important as protecting any other machine connected to the internet. Don’t ignore this gateway to your data and personal information and implement the same cybersecurity good practices and safety layers as on any other device.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.

Andreea Chebac

Digital Content Creator

Andreea is a digital content creator within Heimdal® with a great belief in the educational power of content. A literature-born cybersecurity enthusiast (through all those SF novels…), she loves to bring her ONG, cultural, and media background to this job.