There’s been a scary increase in successful ransomware attacks against large organizations this year. Specifically, hospitals have found themselves at the mercy of hackers who demand ransom payments to unlock critical system files. Recently, there have been signs that these criminals have moved on to universities, too. The University of Calgary admitted to Canadian media last month that it paid $20,000 ransom “to address system issues.”
But individuals have something new to worry about. A new report from Kaspersky Lab says its detection rate for mobile ransomware — malicious software targeting smartphones and demanding ransoms — quadrupled in one year.
It’s easy to see why phone ransomware would work. Consumers fly into a panic when their phone battery dies; imagine what it’s like to see a message saying your phone is locked, and a $100 payment is required to unlock it.
Kaspersky says some ransomware criminals simply require that mobile victims type in an iTunes gift card number to free the device. I’ve written recently about the increasing use of Apple card payments for fraud.
A combination of easy, anonymous payments and off-the-shelf copycatting software tools makes mobile ransomware a new and potentially dangerous threat, both to consumers and to the companies that employ them.
Rising tide of attacks
The numbers tell the story: From April 2014 to March 2015, Kaspersky Lab security solutions for Android protected 35,413 users from mobile ransomware. A year later the number had increased almost four-fold to 136,532 users.
It’s unclear from the report how users encounter mobile ransomware in the first place, though at least some get it when visiting porn sites and are tricked into downloading and installing malicious software.
“The extortion model is here to stay,” Kaspersky says in its report. “Mobile ransomware emerged as a follow-up to PC ransomware and it is likely that it will be followed-up with malware targeting devices that are very different to a PC or a smartphone. These could be connected devices: like smart watches, smart TVs, and other smart products including home and in-car entertainment systems. There are a few proof-of-concepts for some of these devices, and the appearance of actual malware targeting smart devices is only a question of time.”
What to do
Kaspersly offers these tips to consumers:
Back-up is a must: If you ever thought that one day you would finally download and install that strange boring back-up software, today is the day. The sooner back-up becomes yet another rule in your day-to-day PC (or smartphone) activity, the sooner you will become invulnerable to any kind of ransomware.
Use a reliable security solution: And when using it do not turn off the advanced security features which it most certainly has. Usually these are features that enable the detection of new ransomware based on its behavior.
Keep the software on your PC up-to-date: Most widely used programs (Flash, Java, Chrome, Firefox, Internet Explorer, Microsoft Windows and Office) have an automatic updates feature. Keep it turned on, and don’t ignore requests from these applications for the installation of updates.
Keep an eye on files you download: Especially from unrecognized sources. In other words, if what is supposed to be an mp3 file has an .exe extension, it is definitely not a musical track but malware. The best way to be sure that everything is fine with the downloaded content is to make sure it has the right extension and has successfully passed the checks run by the protection solution on your device.
Keep yourself informed: Cyber-crooks are constantly changing their approach to lure their victims into installing malware.
More from Bob Sullivan: