Ransomware and Mobile Devices

One moment, you’re surfing the Internet. A minute later, a pop-up shows your files have been taken hostage and that you’re required to pay a $300 ransom to have them released back to you. You stare at the screen in disbelief. How is this possible, especially considering you are on your mobile device?

Ransomware – malware that accesses your computer system and blocks access to your files until a ransom is paid, all while stealing your payment information – has become more prevalent among PC users. While these attacks have typically focused solely on PCs, they are now adapting to include mobile devices. That’s right, the very same mobile devices you use to access your credit union accounts to check balances, transfer funds and make payments.

One example of Russian-based mobile device ransomware is “Svpeng.” It focuses on tactics for infecting mobile phones and mobile banking applications. When the application is opened, the malware displays a phishing window on the device. This overlay attack is used to steal online banking information, as the malware pretends to be the application’s login screen. The user enters login and password information, which is then stolen by the hackers. Once they have access, they can control the account. Svpeng also phishes through Google Play if it is on the mobile device.

This tactic also involves sending SMS messages to two Russian banks to determine whether the phone number of the device is connected to any payment cards. If a card is indeed connected to the number, the hackers use commands through the device to transfer the victim’s money into their own accounts. While Svpeng has currently been seen only in Russia, it is expected to expand into other countries; one feature of the ransomware checks the mobile device’s language settings to determine the appropriate language to use for the attack.

As time goes on, other PC-based ransomware programs may also be adapted for mobile devices, or more ransomware programs designed specifically for mobile devices may be created. Hackers are always looking for ways to evolve their tactics in hopes of stealing more information and making immediate profits. Svpeng, for example, had 50 modifications to its malware within a three-month period.

How does this type of malware get onto a PC or a mobile device? It could be through a “drive-by download,” where malicious software is downloaded without the user even knowing about it. This happens when the user, surfing the Internet without a care, comes across a compromised Web page or clicks through to a website from an HTML-based email. It could have been downloaded through a phishing email, which appears to be from a credit union yet is a fake email linking to a compromised Web page. The ransomware could also come through a malicious email attachment.

After the infection occurs on the mobile device or PC, the overlay or ransomware tactics are used as described for Svpeng. That way, the hackers can either directly steal the login and password information when the credit union account is accessed, or blackmail the user through a direct ransomware attack into sending money to unlock the mobile device.

Many of the ways to prevent ransomware from infecting a PC also apply to a mobile device. Make sure data on a mobile device is regularly backed up. This will help with recovering information if the device is hijacked. Make sure an antivirus program is running on the mobile device. Follow safe Web browsing habits. Block suspicious emails.

Don’t download data or apps from questionable sources. Don’t “jailbreak” a device, which overrides its built-in controls and security features; this removes an additional layer of protection against ransomware attacks.

If you think your mobile device has become a victim of ransomware, you can try to remove the malware by running a virus scan through mobile antivirus software. Don’t pay any ransom, because it won’t guarantee the release of your data and you would be giving additional payment information to the hackers. If none of these work, talk with your mobile device or cellular provider and/or their tech support. Of course, notify your credit union so it can monitor your accounts for any potentially fraudulent activity.