For a long time there will be nothing other than the Telefónica case, although in reality it was Wannacry, a ransomware that attacked Windows and expanded, as it could not be otherwise, all over the world. It can be said that no one is safe from such an attack, which is why companies spend so much money on computer security. In one form or another, any system is invulnerable.
Right here we try to reassure potential users concerned about whether or not this ransomware could attack their mobile phones because they are customers of the operator, but now that the storm seems to have passed, it’s time to take things more calmly . Wannacry did not affect mobile phones but ransomware on smartphones exists, it’s very real. Let’s talk a little bit about him.
Do not trust, nobody is safe
It is frequent in situations of generalized infection like the one that was lived yesterday with Wannacry that is advocated because there are operating systems more secure than others, and this is certain. As true as there are no invulnerable operating systems. Everyone, in one measure or another, is attacked. Logically, the most popular are the most likely to fall, hence Android and Windows are preferred for hackers. Although maybe hacker is not the right word.
We find malware in both Windows and Linux and OSX, and in mobile phones happens exactly the same with Android, Windows, iOS and other systems. The difference, as we said before, is the number of users writing malicious code for one and the other platforms. Therefore we do not have to neglect the security we use the operating system that we use.
The only device invulnerable to attacks is one that does not turn on
We should internalize that no operating system is invulnerable, and that the user is also partly responsible for the integrity of his mobile phone. Believing that our system resists everything can cause us to lower our guard, and it is precisely the lack of security measures that causes most infections. The only invulnerable device is one that does not turn on. But let’s go in parts.
What is ransomware?
It is perhaps the doubt that we must first clear, what is really a ransomware. Usually it is placed in the surroundings of the virus although it is not really so, although they belong to the same family. Ransomware is a part of malware, as is adware, virus itself, spyware and other derivatives.
It is one of many types of hostile software that swarm over the technological ecosystem and has a very specific function. Ransomware uses weaknesses in the operating systems, usually with the involuntary collaboration of the users themselves, to take control of a system and offer the developer the possibility of blocking it, something that is usually done automatically.
Once our phone is infected and the shift ransomware is activated, the device is blocked and we are asked to pay a ransom. It may happen that our system has been encrypted, although what the kidnapper offers us the key to decrypt it and that it is again operational, or directly threatening us with the total erasure of the information contained in our mobile phone.
So the way to know that what has attacked us is a ransomware is that our device will not show advertising making it unusable, as does the adware, but it will show a clear message for us to enter a certain amount of money to get our device back . Logically, the recommendation that any security expert makes is not to pay and try to clean up by other methods.
What can ransomware do on my phone?
As we said before, the goal of a ransomware is to block our phone to request a payment. It is still a kidnapping and a rescue request, hence the name of this malicious software that comes from the union of “ransom” and “software“: software kidnappings. Even so, threats to pay can be varied.
We can find ransomware that encrypts the contents of our phone with a specific key that we will need to restore its use. Failure to pay in a specific amount of time, we will be forced to format before the impossibility of accessing our SmartPhone as it was before. That is why the recommendation is usually to format voluntarily, not acceding to blackmail.
Making backups regularly we can format without fear of losing anything sensitive
Ransomware has different tricks to intimidate us, such as offering us information that we get from our network to make us believe that it is an attack directed against us exclusively and not a random attack caused by a software released waiting to find an activation. They can give us our IP address, the operator with which we work and, sometimes, even show us a photograph taken with our own camera at the moment. Everything, as we say, automatic and with the sole intention that we pay to recover the phone.
What should I do to not become infected with ransomware?
Ransomware, like any other malicious software, often requires our help in assaulting our mobile phone. Since we have a device in the hands permanently connected to the Internet and with which we exchange data on a constant basis, the easiest way to enter our system is precisely through a download.
One of the main recommendations we can make is to keep the operating system of our mobile always updated to the latest version. In many cases, malware uses system weaknesses that have already been detected by those responsible for operating systems and have been corrected by patches of more or less volume. Having them downloaded is a way to avoid attacks.
1. Always updated operating system.
2. Do not install non-store applications.
3. Have anti-malware software installed.
If the weakness that the ransomware found in the system has not been detected yet, or the correction is still in progress, we will avoid infecting us by not downloading any type of application that does not come from safe sources. This includes not downloading external apps to mobile app stores. for example, Do not download or install non-Google Play apps on Android.
App stores have their own malware detection and removal systems, and although their reliability is not 100%, we’ll be safer if we just download apps from these secure environments. Especially because if a malware accesses our phone through an application that was supposed to be secure, at least the responsibility of the infection will no longer be ours.
One last recommendation is that we download an antivirus in our mobile phone, although in this case they are not really antivirus and its name arrives inherited from the model of software that triumphed in its moment in the PCs. They are anti-malware and what they do is precisely detect and slow malware. If we are going to continue installing software from where it seems to us, unless we have some kind of internal help on the phone.
How do I remove a ransomware if I have already infected?
The less aggressive ones are eliminated by formatting the device, because eliminating the application that has infected us is usually not something that works in a general way since the malicious software itself is responsible for protecting itself by moving to other folders and ceasing to depend on the application “Trojan horse” with which we help him get on the phone.
If we have often performed physical or cloud backups of our most sensitive data, such as documents or photographs and videos, we will have nothing to fear.
Unfortunately, removing a ransomware usually happens by formatting the mobile phone
If this restoration from scratch does not work, it is advisable to go to the technical service and there you can return to life our mobile phone that probably, as we speak of ransomware, will not have suffered irreversible physical damage. A reinstallation of the software made by an expert must solve our problem.
We trust that this text has served you to really know what a ransomware is and why it is so alert to the possibility of an attack. It is nothing more than software designed to hijack a system, in this case a mobile phone, and ask for an economic rescue in exchange for its release. Remember what we have learned from the cinema: The United States does not negotiate with terrorists. Do not pay.
|How an anonymous researcher has stopped accidentally and with 10 dollars the ransomware WannaCrypt|