There’s been a scary increase in successful ransomware attacks against large organizations this year. Specifically, hospitals have found themselves at the mercy of hackers who demand ransom payments to unlock critical system files. Recently, there have been signs that these criminals have moved on to universities, too. The University of Calgary admitted to Canadian media last month that it paid a $20,000 ransom “to address system issues.”
But individuals have something new to worry about. A new report from Kaspersky Lab says its detection rate for mobile ransomware—malicious software targeting smartphones and demanding ransoms—quadrupled in one year.
It’s easy to see why phone ransomware would work. Consumers fly into a panic when their phone battery dies; imagine what it’s like to see a message saying your phone is locked, and a $100 payment is required to unlock it.
Kaspersky says some ransomware criminals simply require that mobile victims type in an iTunes gift card number to free the device. I’ve written recently about the increasing use of Apple card payments for fraud.
A combination of easy, anonymous payments and off-the-shelf copycat software tools makes mobile ransomware a new and potentially dangerous threat, both to consumers and to the companies that employ them.
The numbers tell the story: From April 2014 to March 2015, Kaspersky Lab security solutions for Android protected 35,413 users from mobile ransomware. A year later the number had increased almost fourfold to 136,532 users.
It’s unclear from the report how users encounter mobile ransomware in the first place, though at least some get it when visiting porn sites and are tricked into downloading and installing malicious software.
“The extortion model is here to stay,” Kaspersky says in its report. “Mobile ransomware emerged as a follow-up to PC ransomware, and it is likely that it will be followed up with malware targeting devices that are very different from a PC or a smartphone. These could be connected devices: like smart watches, smart TVs, and other smart products including home and in-car entertainment systems. There are a few proof-of-concepts for some of these devices, and the appearance of actual malware targeting smart devices is only a question of time.”
Kaspersky offers these tips to consumers:
- Back-up is a must. If you ever thought that one day you finally would download and install that strange boring back-up software, today is the day. The sooner back-up becomes yet another rule in your day-to-day PC activity, the sooner you will become invulnerable to any kind of ransomware.
- Use a reliable security solution. And when using it, do not turn off the advanced security features, which it most certainly has. Usually these are features that enable the detection of new ransomware based on its behavior.
- Keep the software on your PC up-to-date. Most widely used programs (Flash, Java, Chrome, Firefox, Internet Explorer, Microsoft Windows and Office) have an automatic update feature. Keep it turned on, and don’t ignore requests from these applications for the installation of updates.
- Keep an eye on files you download from the internet, especially from untrusted sources. In other words, if what is supposed to be an mp3 file has an .exe extension, it is definitely not a musical track but malware. The best way to be sure that everything is fine with the downloaded content is to make sure it has the right extension and has successfully passed the checks run by the protection solution on your PC.
- Keep yourself informed of the new approaches cyber crooks use to lure their victims into installing malware.