Protecting Your Mobile Phone from Ransomware [PART 2]
July 9, 2015
By Greg Wasson, End Point Security Program Manager

As consumers increasingly turn to their mobile phones for shopping, banking, working and internet browsing, cybercriminals have similarly begun to evolve their tactics to keep up with the growth in mobile phone usage. 

Most of us think of a desktop computer when we hear of a data breach such as a ransomware attack but there is an ever-growing possibility that mobile phones can also be infected. And though a ransomware attack on a PC and a mobile phone look and act differently, the goal remains the same– to capture a user’s data and hold it for ransom. Read the first part of this series “Protecting your PC from Ransomware.”

Infecting someone’s mobile phone is much more difficult than infecting a PC. Instances of mobile phone ransomware are rising, but executing a ransomware attack on a mobile phone is more difficult as it requires a user to download and run an executable application.

A mobile phishing attack starts with the same type of social engineering as PC attacks do. They often appear with a message purporting to be from a reliable source prompting you to download a file, however the delivery mechanism is different than on a PC.

In order to infect your smartphone, an attacker has to present the user with an application, and the user must opt to run the app, which will then lock the user out of the phone or encrypt the information and demand payment to retrieve it.

This is difficult to do on a mobile phone because Android and iOS -- the most popular smartphone operating systems -- will not allow an app to download unless it is from Google Play or Apple App Store.

Unless you are using a rooted or jailbroken phone, an app would have to survive the very difficult process of making it through Apple’s App Store credentials or the user would have to disable the default setting on Android that prevents unknown applications from downloading.

An infected mobile phone app certainly has more barriers to overcome than a phishing attack on a PC, but it is important to remain aware of the possible threats on mobile devices as well.

What you can do to protect yourself:

  • Do not use a rooted or jailbroken phone.
  • Do not download any applications that you do not recognize or are not a verified app from the store.

By educating yourself and remaining vigilant of new and emerging threats, you can protect yourself from these common cyberattacks.

 

Comments

Post new comment

  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor to prevent automated spam submissions.
Image CAPTCHA
Enter the characters shown in the image.