Ransomware like CryptoLocker - malware that effectively holds a device hostage by encrypting your files and then locking it — has been around a while on Windows PCs, but 2015 saw several varieties attacking Android as well. Recovery can only be achieved by paying the attacker a ransom fee via a prepaid cash voucher or with bitcoins. (Or if you have full backups, by replacing your hardware and installing the backup data.)

Mobile malware is becoming more sophisticated in the techniques it uses to persist on the device and is becoming increasingly difficult to uninstall — it can even survive a factory reset.

“Security is a very real concern for any device with an IP address, be it Android, iPhone or even a Windows PC connected to the mobile network,” says Kevin McNamee, head of the Nokia Threat Intelligence Lab.

“While Android infections continue to rise and become more sophisticated, late 2015 was the first time we saw iOS malware make our top 20 list, with XcodeGhost being the fourth most prevalent malware detected. We also saw a rise in a variety of ransomware apps that try to extort money by claiming to have encrypted the phone’s data.”
Google and Apple have both increased their vigilance, removing apps from their stores that contain malware, however sometimes the malware itself lingers on.

Cryptolocker attacks can hide in a variety of different “trojan horses” – from links in emails, attachments that masquerade as invoice pdfs, .exe files, USB drives from ‘unknown’ sources, and any other cunning additions that hackers come up with.

What can you do?

  • If you suspect you have clicked on malware, immediately remove your computer from any network you are connected to and turn off wifi. The virus will affect any files connected to your computer, not just those on your hard drive. Once you have done this, call your IT provider asap.
  • Make sure you have invested in daily data backups.
  • Ensure your software is regularly patched and updated – often hackers will take advantage of outdated software that doesn’t have the latest security patches.
  • You can never have too many backup options. Consider online backup if you don’t already have it.
  • Understand what systems and data your current backup regime is covering – if you’re not sure, give us a call.

Note: If you are an IT team client, these steps (apart from #1) will already be in place. If you’re not an existing customer, this is what we recommend, and please give us a call if you need further support.

More reading on cybersecurity and the risks you and your staff should know about can be found in this article by NZ tech journalist Bill Bennett.