
Ransomware Spreads To Mobile Devices

EMC

By Sue Poremba

At the end of 2011, Derek Manky, senior security strategist with Fortinet’s FortiGuard Labs, and his colleagues predicted that it was just a matter of time until ransomware would hit mobile devices.

“It seemed like the natural evolution path for criminals to take at that time,” he said. “To my surprise, this has taken longer than expected. We are just now seeing ransomware in its early adoption.”

Ransomware is malware that, once installed on a device, lets cybercriminals lock the device down from remote locations. Usually, ransomware appears to be an official warning telling the user that the computer has to be locked because illegal activity was detected on it, and that payment is necessary to access files. On computers, ransomware is most often seen as FakeAV, which informs users that the computer has a virus and that they need to download specific software to erase it.

In June, the first piece of known ransomware hit the Android platform as Android.Fakedefender. There are other examples of ransomware emerging. For instance, Android.FakeAV.C, a variant targeting Android users in Asia, looks like an anti-malware program, trying to trick users into downloading it and then demanding payment to restore user control of the device.

“There's another app variant that poses as a legit security app on Google Play, and even shares the same scanning engine as a legitimate Android security solution, but it's really just stealing sensitive user information and sending it to a remote machine,” Charles McColgan, CTO at Telesign, added.

McColgan said that cybercriminals are looking for a number of things when they install ransomware: passwords, contacts, photos, videos, bank records, email -- you name it.

“Any personal information you have on your phone or tablet that you would prefer not to escape into the wild is a potential target. And most of us have something that would fall into this category,” he said.

Ransomware is only appearing on the Android platform right now because users are able to download apps from third-party app stores, explains Dodi Glenn, director of AV Labs at ThreatTrack Security. With Apple's iOS, unless a phone is "jailbroken," the user can only download apps from iTunes or the official app store, eliminating the opening for cybercriminals.

But for Android users, the arrival of ransomware has increased the security risk for personal data, particularly credit cards and financial information. Experts disagree about whether ransomware will require a new layer of security for BYOD.

“As of now, no, mobile ransomware is not a threat to BYOD because cybercriminals aren’t looking to steal sensitive data,” Glenn said. “More than anything, mobile ransomware can be an annoyance for IT admins if they are stuck helping employees remove the threat from their phones.”

McColgan disagreed. “Any software that has the potential to hold your assets hostage is a threat,” he said. “Since more of us are using our own devices at work, we can access our work email through our mobile devices. Think of all the intellectual property you have trapped within your emails. Yes, this is a legitimate threat to BYOD security, but more importantly, it's a threat to your company's security and IP.”

It is best to remember that in many ways ransomware is just like any other computer infection, but it can potentially be worse, since it can cause permanent damage, such as deleted files and files that become encrypted forever. Manky emphasized that it's imperative that users and corporate networks always take steps to protect themselves and their devices.