Although it’s not as common as ransomware on computers, mobile phone-based ransomware is out there. A recently developed strain of SMS ransomware spreads the instant its link is clicked. It gets onto the victim’s phone, collects all of the contacts and sends each of them a personalized text message, telling them there are compromising pictures of them on an application and providing them with a link. If the recipient of the text clicks the link, not only are all their contacts sent the same message, but their phone is encrypted and a ransom note is displayed, requesting $94 to $188 in Bitcoin to decrypt their data. If they refuse, all their data is at risk of being deleted after 72 hours.
Other than always doing your research before clicking a link in a text – just like you should with emails – what else can you do to prevent ransomware from infecting your phone?
WiFi and Bluetooth:
Ensure that you have the proper settings configured so that your phone doesn’t automatically join unfamiliar WiFi networks or automatically pair with devices over Bluetooth. Never send sensitive information over public or unsecured WiFi networks.
Only download applications from your device’s official app store, and even then, ensure that the app is from a known developer and has many positive reviews. Don’t download apps that request privileges they don’t need to perform the functions they offer. Always keep your apps updated to ensure they’re using the latest security protections. Don’t continue to use applications that are no longer supported by your app store – delete them.
Never click on any ads or offers that appear too good to be true – they will often take you to a phishing site that steals your personal information or gets you to download a malicious payload. Don’t save your login information in your web browser – use a password management tool, like LastPass. Also, pay attention to URLs and whether they’re secure.
Don’t give away personal information requested by text. Just like with an email, always think before you click a link. If you did not request that link, then you should question why you are receiving it.
Never give away personal or financial information over the phone – unless you were the one who placed the call, you got the phone number from a legitimate source, and you’re speaking with a live person.
Check out “Are you an easy target for phishing emails?” for details on how to spot the difference between a phishing email and a legitimate email. When checking the validity of a URL on your mobile device, you can press and hold a link to see where it will direct you, instead of hovering over it with your cursor as you would on a computer.
A lot of keeping yourself safe from a ransomware attack on your phone or computer comes down to security training and education. It’s easy for people to be caught off-guard when they don’t know what red flags to look out for. For information on our cyber security training services, contact us!