Skip to content

T1471 Data Encrypted for Impact

An adversary may encrypt files stored on a mobile device to prevent the user from accessing them. This may be done in order to extract monetary compensation from a victim in exchange for decryption or a decryption key (ransomware) or to render data permanently inaccessible in cases where the key is not saved or transmitted.

Item Value
ID T1471
Tactics TA0034
Platforms Android
Version 3.2
Created 25 October 2017
Last Modified 20 March 2023

Procedure Examples

ID Name Description
S0422 Anubis Anubis can use its ransomware module to encrypt device data and hold it for ransom.3
S1062 S.O.V.A. S.O.V.A. has code to encrypt device data with AES.2
S0298 Xbot Xbot can encrypt the victim’s files in external storage (e.g., SD card) and then request a PayPal cash card as ransom.1


ID Data Source Data Component
DS0041 Application Vetting API Calls