HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Ransomware on Mobile Devices

Ransomware on Mobile Devices

Incidents of Ransomware on Mobile Devices are on the Increase

Most IT professionals will already be conscious of the threat of ransomware on networked computers, but now a new threat is emerging – ransomware on mobile devices. The increase of ransomware on mobile devices is particularly disturbing for organizations that allow employees to use their personal mobile devices in the workplace (BYOD), as security experts have found examples of ransomware being transferred from a mobile device to a networked system via corporate Wi-Fi.

The way in which the transfer of ransomware occurs between mobile devices and network systems is similar to the route that led to the massive Target cyberattack of 2013. On that occasion, Cybercriminals were able to enter Target´s network through a vulnerability in a service provider´s security measures. The result was that millions of Target customers´ credit card details were stolen – costing the company (so far) almost $200 million. The consequences of ransomware can be far more devastating.

Where Ransomware comes from and How it Works

Ransomware is a type of computer malware that restricts access to files on an infected device or network. The malware gets into the device due to the user inadvertently downloading a Trojan disguised as a legitimate file, or by clicking on a bogus ad that redirects them to a rogue website. The rogue website then exploits unsecure browser plugins to download the ransomware. Once activated, the ransomware encrypts files on the system´s hard drive.

In order to decrypt the files, the user has to pay a ransom. On receipt of the payment, the cybercriminal releases the encryption key so the user can recover access to the files on the infected device or network. Because the ransom demands are for relatively small amounts in relation to the cost of replacing the inaccessible data, most victims pay up and do not report the crime. Consequently, it is not known how many people and organizations have been the victims of ransomware attacks.

Recent Incidences of Ransomware Attacks

In January 2016, the Israeli Electric Authority was shut down by a ransomware attack after an employee clicked on a phishing email. Although the situation was quickly resolved by the payment of a ransom, the attack on the utility regulatory body was temporary misreported as a cyberattack on the country´s electricity grid – prompting a national alert. Closer to home, there have been several more incidents of vital services being closed due to ransomware attacks:

  • In June 2012, the Surgeons of Lake County were hit by a ransomware attack – preventing access to the medical records of more than 7,000 patients and the medical center´s email service.
  • In November 2014, Clay County Hospital in Illinois were asked to pay a ransom for the unlocking of 12,621 medical records that related to hospital visits two years earlier.
  • In February 2016, the Hollywood Presbyterian Medical Center paid a $17,000 ransom to unlock EMRs and the hospital´s email system

According to Lillian Albon – a cybersecurity expert at the RAND Corp. think tank in California – healthcare organizations make good targets for ransomware attacks because they often do not have the IT security resources available to larger corporations. Hussein Syed – the Chief Information Security Officer at Barnabas Health – added it was vital that systems were kept running in the healthcare industry because of patient care issues. “In some cases” Syed said, “it is a matter of life and death”.

Warnings that Ransomware Now Extends to Mobile Devices

Speculation over how the latest attack on the Hollywood Presbyterian Medical Center could have happened has been rife. Speaking to CNBC, Tim Erlin – Director of IT security and risk strategy at enterprise cybersecurity firm Tripwire – said “A company is more likely to be compromised when it has either software vulnerabilities, misconfigured software or when people in the organization are used as a vector for malicious links or emails”.

On the same news report, Kevin Haley – director at Symantec Security Response – was more direct about the threat of ransomware on mobile devices. He told Bob Woods that cybercriminals are expanding their attacks beyond computers to “target Smartphones, tablets and potentially anything connected to the Internet”. For organizations – particularly those in the healthcare industry – the potential to be subjected to extortion has never been greater.

Recommendations for Preventing Ransomware on Mobile Devices

In addition to advice by security experts to update Java, Flash, Shockwave and other plugins with the latest security patches, recommendations for preventing ransomware on mobile devices and all other operating systems has been released by the FBI. The FBI recommends enabling pop-up blockers, using antivirus and firewall software from “reputable companies”, and always backing up data. Advice for employees includes never to click on any emails or attachments they do not recognize and to avoid suspicious websites altogether.

For healthcare authorities concerned about losing access to their EMRs and email systems through ransomware on mobile devices, TigerText recommends implementing a secure messaging solution. Secure messaging solutions have safeguards in place to secure data on mobile devices, and also to prevent hackers from finding a way into the main IT server infrastructure. Even if an individual user inadvertently downloads ransomware onto their personal mobile device, healthcare organizations will not face the prospect of being held to ransom by a cybercriminal.