Four Ways Mobile Device Management Can Protect Your Mobile Workforce from Ransomware Attacks

by Farokh Karani

Ransomware has been a hot topic lately, and for good reason. As the number of ransomware cases continues to grow worldwide, there doesn’t seem to be any end in sight, or any surefire way to stop the threat against hospitals, schools, law firms, banks, etc. It’s clear that cyber criminals do not discriminate; any business, government agency, financial or health organization is fair game. Overall, ransomware attacks have been profitable for cyber thieves, with the FBI reporting losses of $18 million spanning 15 months in 2014 and 2015.

One of the most high-profile cases this year occurred in California at the Hollywood Presbyterian Medical Center. Some reports state that the malware infiltrated the hospital’s networks through an email. Regardless of how it happened, the malware achieved its goal of locking down the hospital’s networks and IT infrastructure. After the hospital paid the demanded ransom of $17,000 (in untraceable bitcoins), the cyber criminals provided a decryption key, which restored the hospital’s systems and administrative functions.

In most cases, malware attacks are perpetrated through one well-meaning employee opening an infected email, and then clicking on a seemingly innocent link or opening an attachment. However, mobile device users are not off the hook. After successful attacks on hospitals and other organizations, cyber criminals are now expanding their reach to mobile, targeting devices running older versions of Android, ranging from 4.0.3 to 4.4.4. This means that still very popular devices like the LG G2/G3 and Samsung’s Galaxy S5, as well as other lower-budget phones that use Android 4.x.x, are still vulnerable.

This new malware targeting Android, which uses the “Towelroot” exploit, is being used to spread Dogspectus ransomware. First discovered in February 2016, Dogspectus works through the use of malicious ads, which are served onto a device through a series of redirections that usually start with malvertising. What’s most shocking about Dogspectus is that, unlike typical ransomware, it doesn’t require the victim to act or download the malware: it actually installs itself. Once installed, the ransomware displays an iTunes graphic claiming the device has been locked by a law enforcement group, such as the “American National Security Agency”, which, at first glance, might sound legitimate. The demanded payment isn’t in bitcoin, but rather in iTunes gift cards, usually two in increments of $100.

Not only does Dogspectus launch automatically, but it also does not encrypt the device; it locks it. If connected to a computer, all music, files and pictures can be removed by the perpetrators. The device is held in this locked state, leaving the user unable to do anything besides pay the ransom.
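The Android range named above (4.0.3 to 4.4.4) can be checked against a device inventory. The following is an added example, not code from the article or from any MDM product; the inventory records and field names are constructed for illustration.

```python
import re

# Range the article names as targeted: Android 4.0.3 through 4.4.4.
TARGETED_MIN = (4, 0, 3)
TARGETED_MAX = (4, 4, 4)

def parse_android_version(raw):
    """Return (major, minor, patch), or None if no version number is present."""
    m = re.search(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", raw or "")
    if not m:
        return None
    # Missing components ("4.1") are treated as zero ("4.1.0").
    return tuple(int(p) if p else 0 for p in m.groups())

def classify(raw):
    v = parse_android_version(raw)
    if v is None:
        return "unknown"          # needs manual review; never assume it is fine
    if TARGETED_MIN <= v <= TARGETED_MAX:
        return "targeted"
    return "not-in-range"

def report(inventory):
    """Group device ids by classification for an administrator report."""
    out = {}
    for dev in inventory:
        out.setdefault(classify(dev.get("os_version")), []).append(dev["id"])
    return out

# Constructed sample inventory (hypothetical field names).
INVENTORY = [
    {"id": "dev-01", "model": "LG G2", "os_version": "4.4.2"},
    {"id": "dev-02", "model": "Galaxy S5", "os_version": "Android 4.4.4"},
    {"id": "dev-03", "model": "generic", "os_version": "4.0"},
    {"id": "dev-04", "model": "generic", "os_version": "5.0.1"},
    {"id": "dev-05", "model": "generic", "os_version": ""},
    {"id": "dev-06", "model": "generic", "os_version": "4.1"},
]

if __name__ == "__main__":
    for status, ids in sorted(report(INVENTORY).items()):
        print(status, ids)
```

Devices that report no version land in "unknown" rather than being counted as outside the range, so they surface for follow-up.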

This alarming trend towards malware automation should put small to mid-sized enterprises (SMEs) and larger organizations on edge. It indicates that malware is evolving and unpredictable. What’s the solution? It’s not enough to deploy newer devices company-wide. Companies should take a closer look at their mobile security policies to ensure that the devices being used on company time are not a vulnerable weak spot and gateway to what could be a devastating data breach.

Mobile Device Management (MDM) is the only way to prevent an organization’s mobile workforce from falling prey to the latest schemes and malware attacks, which represent a revolving door of new threats appearing on a weekly basis. There are four important components of MDM that can make a big difference for SMEs and other businesses. Each one makes use of additional layers of “firewalls” to keep company-owned smartphones and tablets from being the weak link:

  • Virtual Fencing – Using geographical locations, Wi-Fi Service Set Identifiers (SSIDs) and time as boundaries, it’s possible to secure confidential inter-office SME data. Administrators can set up rules to allow or restrict device usage and application configurations. Also, “fence triggers” can alert administrators when the device enters or exits assigned boundaries.
  • Flexible Policies – With policy flexibility built in, administrators can apply specific policies to a selected group or team to secure devices and prevent data loss. Policies may include preventing or restricting GPS access and blocking devices from connecting to other devices over USB, which can be used maliciously to spread malware.
  • Mobile Web Security – Administrators can add specific keywords or URLs to a blacklist or whitelist and can also block keywords, URLs or domains. It’s important that MDM solutions support a range of browsers, including Chrome, Firefox and Opera.
  • Reporting – Reporting is the only way for administrators to create actionable, results-driven statistics about all company-owned devices. Reports can be based on specific devices, user groups, date ranges, file preferences or profiles. Real-time graphical summaries provide information on infection status, app non-compliance, network data usage and more. By reviewing reports on a regular basis, administrators can determine whether company devices are being used as the security and usage policy dictates and take action to correct policy violations before a breach occurs.
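The virtual fencing rule described above, with its enter and exit "fence triggers", can be sketched as follows. This is an added example, not code from the article or any MDM product; the fence fields, check-in records and the choice to require location, SSID and time together are assumptions.

```python
import math
from datetime import time

# Hypothetical fence; field names are illustrative, not a real MDM schema.
FENCE = {
    "center": (37.7749, -122.4194),      # constructed coordinates
    "radius_m": 200,
    "ssids": {"corp-wifi"},
    "hours": (time(8, 0), time(18, 0)),
}

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))

def inside(fence, checkin):
    """True only if location, SSID and time of day all satisfy the fence."""
    start, end = fence["hours"]
    return (haversine_m(fence["center"], checkin["pos"]) <= fence["radius_m"]
            and checkin["ssid"] in fence["ssids"]
            and start <= checkin["at"] <= end)

def fence_triggers(fence, checkins):
    """Return (device, 'enter' or 'exit', time) for each boundary crossing."""
    state, events = {}, []
    for c in checkins:
        now = inside(fence, c)
        if now != state.get(c["device"], False):   # devices start outside
            events.append((c["device"], "enter" if now else "exit", c["at"]))
        state[c["device"]] = now
    return events

# Constructed check-ins: dev-02 reports the right SSID name from about 1.1 km away.
OFFICE = FENCE["center"]
CHECKINS = [
    {"device": "dev-01", "at": time(9, 0), "pos": OFFICE, "ssid": "corp-wifi"},
    {"device": "dev-01", "at": time(12, 30), "pos": OFFICE, "ssid": "cafe-guest"},
    {"device": "dev-01", "at": time(13, 0), "pos": OFFICE, "ssid": "corp-wifi"},
    {"device": "dev-01", "at": time(19, 0), "pos": OFFICE, "ssid": "corp-wifi"},
    {"device": "dev-02", "at": time(10, 0), "pos": (37.7849, -122.4194), "ssid": "corp-wifi"},
]

if __name__ == "__main__":
    for event in fence_triggers(FENCE, CHECKINS):
        print(event)
```

An SSID is only a broadcast name that any access point can use, which is why this sketch never treats a matching SSID alone as proof that a device is inside the fence.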

Beyond securing company devices and data, MDM can help companies manage costs through network data monitoring. Administrators can better understand how bandwidth is being consumed and which apps or devices are using most of the organization’s allotted mobile data. Although MDM is critical to securing devices and protecting company data, nothing can replace regular employee training and education on IT security risks and how to avoid malware attacks altogether. Once employees are aware and can recognize malicious advertising, they’ll be much less inclined to click on a link or attachment that may trigger a ransomware attack that may lock their device – or even worse, create an “open door” to the company network, leaving sensitive data and financial records vulnerable to theft.

Farokh Karani is Director, North American Sales & Channels, for Quick Heal Technologies.




WWPI – Covering the best in IT since 1980