The majority of ransomware attacks target desktop computers, servers, and high-value storage networks — but in recent years, a growing number of attacks have targeted smartphones and other mobile devices, including tablets and smart watches.
Which is more likely: for ransomware to infect an iPhone or an Android phone?
As of this writing, all known mobile ransomware has targeted Android-based smartphones and tablets. This is because iOS devices such as iPhones are highly resistant to malware. However, some malicious users have taken advantage of flaws in the iOS operating system to trick users into believing that their devices have been infected with ransomware. In most of these specific cases, the “ransomware” does not exist.
While Android mobile operating systems include safeguards to protect users from malicious software, those safeguards have their limitations, particularly when attackers use social engineering to trick users into downloading files from malicious websites.
Here are some notable recent Malware occurrences:
When the Koler “police” ransomware first appeared in 2014, it spread through pornographic networks. The way this particular ransomware is works is by tricking customers who use Android devices into downloading an infected fake.apk file, which encrypts their files and demands a ransom of anywhere from $100-$300 from the victim. Koler is believed to have infected more than 200,000 Android devices, according to some estimates noted online.
This particular program is a Trojan horse that attacks Android devices, altering their PINs and encrypting data contained on the device to prevent it from being accessed by others. It is usually distributed in the form of a bogus Adobe Flash Player. Victims are tricked into granting the malware administrator rights and permissions on their computer systems.
AndroidOS/MalLocker.B is a malware that uses social engineering to trick users into installing bogus versions of popular games and apps. As an alternative to encrypting files, this ransomware family disables the user’s ability to access their device by forcing a ransom note onto every screen over top of running applications.
To keep your phone safe from ransomware, these are some pretty effective precautions.
1. Make a copy of your phone’s data.
The best practice is to keep at least three copies of each important file on your computer. Even a single backup, on the other hand, will provide significant protection — provided that your backup is not susceptible to infection.
Manually backing up data on an Android device is made simple with this guide from Google. This guide will walk you through the process of using iCloud on your Apple iPhones and iPads. In addition to cloud backups, you should consider regularly copying important data (such as pictures, videos, and contacts) to your PC or Mac to ensure that the data is properly protected.
2. Maintain the functionality and update the software on your device.
Malware frequently spreads by exploiting security flaws in mobile applications or the operating system that they are installed on.
Check to see if your phone’s operating system is updated on a regular basis. On Android devices, follow this guide for enabling automatic updates; on iOS devices, follow this guide for enabling automatic updates.
3. Installing apps on your phone is not recommended unless the program source can be verified.
The majority of Android ransomware variants infect devices by disguising themselves as free games, utilities, or video players, among other things. These .apk files from unknown sources are automatically blocked by the Android operating system by default, but users can choose to turn off this protection if they wish.
When in doubt, avoid downloading .apk files through your phone’s web browser and never open email attachments if you aren’t completely confident in their contents. Installing apps from the Google Play store or another trusted app store is the only way to go to save yourself from this particular risk.
If you must manually install an .apk, make certain that the source is one you can trust. Check to see if the website’s security certificates are still valid. Following the installation of the app, navigate to Android Settings -> Biometrics and Security and restore the “Install unknown apps” settings to their default values.
It is also recommended that Android users enable automatic updates for apps that have been downloaded from the Google Play store. This can ensure that you don’t have old apps that may have security issues.
4. Have an action plan ready if your smartphone becomes infected with ransomware.
If you suspect your phone has been infected with malware, make a list of any symptoms you notice, as well as any actions you may have taken that may have contributed to the infection (such as downloading an APK file or downloading email attachments). A ransom note may appear on your phone; if this occurs, take a picture of it with another device or write it down in its entirety.
There are decryption tools available for many of the most common Android ransomware variants. For those who are familiar with the Android operating system and are looking for free decryption tools, NoMoreRansom.org is a reliable source of information. Also, be sure to check out our data recovery service page.