Ransomware, which restricts access to a computer's system or files, is among the worst of the new attacks, "because the damage is instant and commonly a machine is rendered completely unusable," wrote Anna Salta on Kaspersky Labs' Threatpost blog. "So not only is the victim's data destroyed, but some of the victim's money is also gone if he or she attempts to pay the attacker's ransom."
For an enterprise, it can be worse than the loss of pictures and memories -- it can mean the loss of encrypted data, while the criminals demand ransom money to release it.
Eric Maiwald, research vice president at Gartner and a mobile security expert, agrees that the latest report simply confirms "the same trend we have been seeing." But he said the one difference now is the use of ransomware.
Jeff Wilson, principal analyst for security at Infonetics, said that even if this is just the continuation of a trend, the message is that both consumers and enterprises need to protect their devices. Antivirus products don't stop all attacks, he said, but they help.
"If you never conduct transactions, store or enter personal information, send or receive sensitive email, browse the Web, or download apps, then you probably don't need to do much," Wilson said. "But if you do any or all of those things, then you should start looking at client solutions from the traditional AV vendors or even cloud solutions that take the burden of security off the devices."
"There's also making sure email and SMS/MMS messages are clean first, and enforcing safe browsing habits by routing web traffic through a secure cloud is a great first line of defense," he said.
Blake Turrentine, owner of HotWAN, a trainer for BlackHat and mobile security expert, said, "something is better than nothing. But he said their protection is "limited due to the restrictions involved in sandboxing of mobile apps."
His advice: "Keep your firmware up to date."
There is also training, although that has its limits as well. "Unfortunately, as with all other controls, training is not foolproof," said Eric Maiwald. "The more users are made aware of the mechanisms for malware infection, the less likely they will be to just download something, unless they really think they want it, or click yes to something, unless they are really tired or really think they want to say 'yes.'"
What about those whose phones are just for personal use? "The headline news is perhaps the best approach to informing them, by repeating that smartphones are not as secure as they may think," Turrentine said.
But the message from trainers is as obvious as the trend: Don't click yes on anything until you've checked it out first.
Sign up for Computerworld eNewsletters.