5 types of mobile ransomware and how to protect your devices

Mobile ransomware is one of the most disruptive types of cybercrime, often resulting in substantial downtime, financial loss, and reputational damage. 

With our mobile devices storing everything from banking credentials to confidential conversations and documents, it’s a cyber threat you can’t afford to ignore.

What is mobile ransomware?

Mobile ransomware is a type of malware. Hackers use it to encrypt files and block system access to extort money.

2024 was a significant year for ransomware, with the number of attacks rising by 13%. It was also the year the largest ransomware payment was recorded – £60 million ($75 million) to the Dark Angels.

How does mobile ransomware work?

Although there’s some variation between the different kinds of ransomware, they all follow the same three stages: infection, data encryption, and ransom demand. 

Cybercriminals use several methods to deliver ransomware to mobile devices, including: 

1. Phishing 

Phishing remains the delivery method of choice for mobile ransomware. Spear phishing is especially popular as it enables hackers to target specific, high-profile individuals.

2. Exploit kits

Hackers use these toolkits to scan devices for security vulnerabilities and install ransomware. 

3. Downloads

Cybercriminals disguise ransomware as legitimate apps. Once installed, the ransomware is free to spread. On the other hand, drive-by downloads don’t need user interaction – malware installs automatically when you visit a harmful website.

Types of mobile ransomware

Here are the five most common types of ransomware to be aware of.

1. Crypto ransomware

This well-known ransomware encrypts files and data, making them inaccessible without a decryption key. The attacker then demands payment, generally in the form of cryptocurrency. Cybercriminals favour cryptocurrency for its anonymity, global reach, and lack of regulation. 

DoubleLocker is a notable variant of Android crypto-ransomware. It encrypts files and can change your device's PIN.

2. Locker ransomware

Rather than encrypting files, locker ransomware completely shuts you out of your device. Cybercriminals typically leave a note demanding payment to unlock it.

3. Scareware

This tactic creates fake panic but real danger. It mimics antivirus warnings and claims your device is infected, instructing you to download paid antivirus software. The kicker is that your device wasn’t infected in the first place but gets infected when you download the fake software. 

For example, a pop-up says, “Your device has 1,435 viruses! Pay £40 NOW to remove them!”

4. Leakware

Also known as extortionware or doxware. Instead of encrypting your files, leakware steals sensitive information and threatens to make it public.

5. Ransomware as a service (RaaS)

RaaS enables cybercriminals to buy or rent ransomware code from other hackers. It makes ransomware easily accessible, even to those with limited coding skills. According to the World Economic Forum, RaaS kits cost as little as £30 ($40).  

What are the most targeted industries?

Manufacturing is the most targeted sector in the UK, particularly small companies with 50-200 employees, followed by finance and healthcare.

Responding to a ransomware attack: to pay or not to pay?

Now, that is the question. UK law enforcement discourages victims from paying ransoms, as there’s no assurance that you’ll regain access to your device or data. Plus, complying with ransom demands increases the likelihood of being retargeted.

Here’s how to respond instead: 

  • Isolate affected systems: disconnect infected devices from the network to avoid ransomware spreading
  • Engage experts: consult cybersecurity professionals to guide your remediation efforts
  • Report the incident: notify law enforcement agencies
  • Restore backups: if available, use clean backups to restore data once you’ve eradicated the malware

How to keep your mobile devices and business safe

Following mobile device security best practices can help reduce your risks. Here are a few simple examples: 

  • Keep your operating system updated and patch security vulnerabilities
  • Regularly back up your data to an external hard drive or cloud storage 
  • Use strong passwords and enable multifactor authentication
  • Avoid downloading apps from unofficial sources 
  • Install reputable antivirus and anti-malware software to detect threats

Don’t let your data get held hostage

Cybercrime is increasingly targeting mobile devices, and ransomware is no exception. Understanding the different types of mobile ransomware and taking proactive security measures helps keep your devices and data safe.

Did you know 59% of SMEs provide no mobile cybersecurity training to staff? Find out why this is a problem and what to do about it in our SME Mobile Threat Report.