How much of a threat is mobile ransomware?

With a number of ransomware variants turning up hidden in app stores, should businesses be concerned, and how should they protect themselves?

By Jo Best

Tue 10 Oct 2017 @ 12:00

The Petya/NotPetya and WannaCry ransomware outbreaks sent shockwaves through IT departments earlier this year after corporate systems and files were encrypted, locking organisations out of their data. And they're not isolated incidents: every week a new family of ransomware is uncovered which threatens users' PCs.

So far, most of the headlines that ransomware attacks have generated have been in connection with desktop hardware, rather than mobile devices. While both the severity and number of mobile malware variants have been growing in parallel with smartphones' functionality, mobile ransomware has to date largely gone under the radar for most users.

Mobile ransomware is a fairly new phenomenon, with the first variant thought to have appeared in 2014. Nevertheless, security researchers recently warned it's growing sharply: the volume of mobile ransomware detected reportedly rose 250 per cent in the first few months of 2017.

It's worth noting that only a handful of ransomware strains make up the bulk of that jump – Svpeng and Fusob have been singled out, for example – and that infections in general have been falling.

Mobile ransomware can work in one of two ways: it can encrypt the data held on the phone, or it can simply block user access to any of the device's functions. Both types of infection will look similar to the victim: they'll see a screen they can't navigate away from which demands payment before their phone will be unlocked.

Unlike desktop ransomware, mobile ransomware is most likely to infect a device when a user downloads a fake app. Mobile ransomware is often found in third-party app stores (and, extremely rarely, in Google Play) disguised as a benign app such as a media player. Once the app is installed, it will block user access to their files unless a ransom is paid.

There are some common elements between mobile and PC ransomware – particularly around how to protect against them. Mobile device users need to practice good security hygiene: installing apps only from trusted sources, making sure their OS is the latest version, and keeping all other apps suitably up to date.

Users should also be educated by their IT departments on how to recognise phishing emails or other communications that may be trying to spread ransomware, and should know to avoid sites that may host such malware. Equally, IT staff should ensure that the antivirus software on users' phones and tablets is up to the task of defending against mobile ransomware.

While mobile ransomware variants may still be relatively rare compared to those that target the desktop, falling victim to one can cause just as much grief.

Anyone who has left their phone at home and turned up at work to find it missing knows how difficult it can be to go without their handset for just a day; imagining that becoming a permanent state of affairs would distress most phone users.

Beyond that, mobile devices are rarely used just for personal matters: an encrypted device can lock an individual out of corporate files too, and provide an entry point to company networks and systems for the bad guys.

For many professionals, falling victim to mobile ransomware could mean not only losing photos of their children and holidays, but also losing access to the Q1 figures and the PowerPoint strategy presentation they were working on too.

Mobile ransomware may be a relatively low-profile threat compared to the desktop version, but there's no doubt it's still one worth defending against.