WannaCry and NotPetya ransomware attacks in recent months have reignited concern over just how these threats occur. As a result, many leaders have reinvigorated their security efforts regarding computer vulnerabilities. However, they might be missing another big endpoint susceptible to ransomware, one you likely carry in your pocket right now.
Personal mobile devices like smartphones and tablets are becoming more acceptable in the workplace under BYOD or COPE policies, creating a major IT effort to govern this hardware appropriately. Unfortunately, mobile devices are much harder to control than desktops, and ransomware techniques are becoming more sophisticated to take advantage of unaware users. Mobile devices are increasingly being targeted by ransomware attacks, but employees and businesses simply aren't taking enough action to secure them.
Ransomware on the rise
While 2016 might have been declared the year of ransomware, it's clear that 2017 is following in its footsteps. Strains are frequently evolving and being sent out to infect the largest number of people possible. In the first quarter of 2017, more than 218,000 mobile ransomware files were detected, compared to only 61,000 in the previous quarter, according to an industry report. A large majority of these attacks – 86 percent – were caused by the Congur family of ransomware, which resets the device passcode to give the hacker administrator rights. Some of these strains are difficult to remove, making it possible for the attacker to take advantage of the device again in the future.
The rising use of mobile ransomware can no longer be ignored. Some hackers might ask anywhere from $100 to $500 to unlock devices, but there's no guarantee that they will follow through, and they could target you again. In 2016, hackers earned $1 billion through their efforts – no small price for organizations, considering the additional compliance and reputational consequences. Business leaders and employees must learn what mobile ransomware looks like, how it infects their systems and what they can do to protect themselves effectively.
Sophisticated techniques emerging
Users should always look for telltale signs of a malicious app, such as misspellings, unusual access requests and vendor information. However, hackers are getting much better at covering their tracks and making sure that users are convinced into downloading malicious files. As we've covered before, mobile ransomware can be disguised as a legitimate app in third-party app stores. It might appear as a popular game, video player or a system update. Visiting questionable sites, forums and spam links can also effectively infect your device. Fortunately, by sticking to vendor app stores – Apple App Store and Google Play – and observing safe surfing practices, you can avoid many of the ransomware risks.
Of course, it's never that easy, and some staff members might fall for hacking tricks. In this case, it's important to keep up with the latest ransomware trends and ensure that measures are in place to stop attackers in their tracks. LeakerLocker is one of the most recent techniques impacting mobile users. This strain threatens to send compromising or embarrassing personal data to everyone on the user's contact list, making a clear case to get the victim to pay.
LeakerLocker is significantly different from other ransomware, as it doesn't actually encrypt user data, but makes a backup of the phone's information instead to send out if demands aren't met. Trend Micro found the ransomware being carried in three applications in Google Play, which have since been removed. The programs may have been created by the same developer to infect more people and gain more money. The fact that LeakerLocker not only hid in legitimate looking applications and simply makes threats without encrypting the device is significant. It could set a new standard for mobile ransomware strains emerging in the future as WannaCry did with traditional ransomware methods.
"Take matters in your own hands to prevent any potential breaches."
Protecting against the inevitable
It's easy enough to sit around and believe that a breach won't happen to your employees or your devices, but as we've seen, it's only a matter of time. Rather than trusting in these assets, take matters in your own hands to prevent any potential breaches. Setting up comprehensive security training sessions should be your first initiative. Protecting company information no longer rests with the IT department; it's everyone's responsibility, particularly in mobile workplaces. Teaching employees about cyber threats will be critical to avoiding ransomware and other risks. Staff will be able to identify suspicious programs and observe safe mobile practices.
Business leaders will also want to create a mobile security policy and enforce it across the board. Gartner research revealed that one-third of organizations don't have a formal BYOD policy in place, and only 15 percent of respondents were instructed to adhere to a BYOD policy. Some participants also admitted that they weren't aware of what steps they should take in the event of a mobile security incident. This is a major problem, as events can go unreported, leaving systems vulnerable to more damage. Create a specific plan of action for what to do if ransomware infects a device. This could include wiping the device and restoring it through archived backups. Staff will feel more confident in their actions and will be able to recover more effectively.
Ransomware is becoming a force to be reckoned with, and organizations must not forget to account for mobile devices in their security plan. To learn more about how to effectively protect your mobile devices against emerging ransomware, contact Trend Micro today.