The incidence of ransomware attacks on mobile devices has quadrupled since just last year according to cyber security firm Kaspersky Lab. There were 35,413 such attacks detected by the firm between April 2014 and March 2015. During the same period a year later the number had increased to 136,532 attacks.
Ransomware is a type of malware through which cyber criminals seize control of a computer, phone, tablet or other device. The original user is denied access to either some or all of the applications and files on that device until a ransom is paid. The US has the highest rates of attack with over 1 in 10 users being targeted by ransomware.
On mobile devices, the most common strategy is to simply lock a phone’s screen, effectively denying all access to the phone. Users with their files backed up can fix the situation relatively easily with a hard reset of the device. But those without a backup are forced to either pay the ransom or lose sensitive or irreplaceable stored data.
The skyrocketing rates of mobile ransomware attacks are due to several factors. First and foremost, victims have shown a willingness to pay the ransom. The rate of the ransom varies wildly but can be around $10 on the low end or thousands on the high end. Users unwilling to part with pictures, documents, and licensed software have been reliably willing to pay the ransom demanded.
From the cyber criminals perspective, the means of organizing and accepting ransom payments has become much easier with the rise of cryptocurrency like bitcoin. Funds can now be extorted from victims while bypassing normal channels, eaving little record behind. Others accept payment in the form of iTunes gift cards or other types of indirect transaction.
That has only exacerbated the challenge faced by law enforcement officials who have historically struggled to enforce cyber crime laws in a meaningful way. Most of the perpetrators of ransomware attacks operate with relative impunity. Most are also based outside the jurisdiction of major enforcement agencies.
In order to avoid mobile ransomware attacks, users are advised to only download apps from official app stores. It is also important to manually update the firmware on the phone to stay current with security measures. Finally, users interested in maximum protection should install additional safety measures designed specifically for mobile devices.
Considering the relative ease, safety, and effectiveness of perpetrating mobile ransomware attacks combined with the growing value of the stored data on phones, this particular cyber threat is not expected to decline any time soon.