Running from Ransomware: A Mobile User’s Guide
From the second my alarm goes off, my day goes 100 miles a minute. In addition to getting myself ready for work, I have to pack my kids some brag-worthy lunches, conquer the stack of unwashed dishes in the sink from the night before, and make sure that everyone is out the door on time. One day, in the midst of all the usual mania, I had a horrible realization that I had forgotten to buy my mom’s birthday present.
To save myself some time, I whipped out my phone, scrolled through the net and explored a few last-minute gift options. In the corner of my eye, I saw an ad for some cute shoes she’d like from a retail site I had previously visited. Zoom, tap, bam! Browsing history comes through to help me find a present in the blink of an eye.
Last-minute online shopping isn’t the only thing our connected devices are good for. We rely on our mobile phones for the simplest things to navigate through our daily lives. From mapping directions, to scrolling through nearby restaurant reviews, to quickly scanning newsworthy articles, our devices accumulate a lot of personal data through our browsing history.
Although browsing history has come handy for me in certain situations, it often gets a bad rap on its own. Leaker Locker, the new mobile malware discovered by the McAfee team, has created a browsing history nightmare by leveraging surfing habits against mobile users.
When we’re navigating through the net, we usually (often wrongfully) assume that our information will remain private. Unfortunately, that’s not always the case. Our increased trust of the web and dependence on our connected devices has excited cybercriminals, causing the number of mobile malware threats to grow over 80% in the last year.
Hiding behind apps that can be found in the Google Play store, Leaker Locker harnesses its malicious ransomware by disguising itself as an unauthorized mobile backup. Present on two apps on the Google Play store, this ransomware disguised as an app leaves the everyday consumer, like you and me, vulnerable.
So how does Leaker Locker work? It attacks when the user allows device permissions to the newly downloaded, disguised app. Once the malicious app gains access to the device, the device is locked down, and a message pops up on-screen, announcing that the owner’s sensitive information has been compromised. This private information is then used as a bargaining chip for a ransom.
Want to make sure you’re not the next victim of this ransomware? Follow these tips:
- Attention, Please: Scope out the app’s listing on the app store, and read through its reviews carefully. Sure, an app might look like a fun game or seem to make your life convenient, but it pays to be vigilant. Many users leave helpful warnings to others about if a specific app has been disguised as a hub for ransomware. If the reviews or actual app listings seem fishy, steer clear.
- Don’t Pay to Play: Cybercriminals love to demand money in exchange for the “safety” of your personal data. Although paying the ransom seems like a good idea, don’t fall for this trap! Paying the ransom doesn’t guarantee the return of your information. Be extra cautious and try to keep sensitive data off your mobile device.
- Back It Up: Back up your personal information and files by taking advantage of both an external hard drive and the cloud. In the event that you get locked out of your mobile device, you’ll still have access to important data. This back up plan will give you a better peace of mind.
Mobile ransomware has been making headlines, and cybercriminals don’t plan on stopping anytime soon. Get educated and be familiar with their actions. To cover all of your bases, consider turning to a mobile security solution like McAfee Mobile Security (MMS) for Android. With newly designed features that allow you to browse more securely on mobile, MMS provides real time malware (ransomware included) detection capabilities. Most importantly, it gives you the power to safeguard against threats like Leaker Locker a single tap.
More antivirus and malware news?
- April 2014 Patch Tuesday Fixes Microsoft Word Zero-Day
- Samsung Patches Critical Vulnerabilities in Android Devices
- Australian banks are focused on internal security: SailPoint
- Pirate Bay founders tracked down after brief disappearance
- Targeted attacks increased, became more diverse in 2011
- PASS CIFS Gateway Vendor Update – March 1-2
- Google uses machine learning for new security features in Gmail
- Niara Brings UEBA to Ransomware Detection
- eLion Issue – Advisors/Faculty may have problems using eLion – 04/08/2013
- Patchwork Cyberspies Update the Badnews Backdoor