T1471 Data Encrypted for Impact
An adversary may encrypt files stored on a mobile device to prevent the user from accessing them. This may be done in order to extract monetary compensation from a victim in exchange for decryption or a decryption key (ransomware) or to render data permanently inaccessible in cases where the key is not saved or transmitted.
|25 October 2017
|20 March 2023
|Anubis can use its ransomware module to encrypt device data and hold it for ransom.
|S.O.V.A. has code to encrypt device data with AES.
|Xbot can encrypt the victim’s files in external storage (e.g., SD card) and then request a PayPal cash card as ransom.