Ransomware dubbed DoubleLocker has infected Android devices, changing the device's security PIN and encrypting all the data stored on it.
Researchers from cybersecurity firm ESET discovered DoubleLocker, a two-step ransomware that adopts a dual-locking approach.
According to the researchers, the ransomware is distributed through fake Adobe Flash Player apps. Its code is based on a banking Trojan known as Android.BankBot.211.origin, which compels users to grant administrative permissions, activates the device's admin rights and sets itself as the default home application.
The attackers have set the ransom at 0.013 Bitcoin (approx. USD 70) and demand payment within 24 hours of the attack. “DoubleLocker affects Android devices primarily in two ways: first, it encrypts all the data files with the AES encryption mechanism and corrupts the same with the .cyreye file extension, thus becoming a perfect case for a ransom demand. Additionally, the malicious software also affects the accessibility of the devices by changing the PIN of the device, which cannot be accessed by the users,” explained Sandeep Sharma, Associate Research Manager – Software and Services at IDC.
Researchers stated that DoubleLocker is much more advanced than other types of Android ransomware. It is able to abuse the device's accessibility settings to gain device administrator access and so control the device.
After obtaining admin rights, the malware sets itself as the default home application on the device and then blocks users from bypassing the lock.
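The privilege combination described above (accessibility service, device administrator and default home application held by one app) can be checked for during device triage. The following is an added example, not code from ESET or the original article; it assumes the three inventories were already collected from the device, and every package and component name in it is constructed.

```python
# Added example: all package and component names below are constructed.
ORDER = {"critical": 0, "high": 1, "review": 2}

def package_of(component):
    """Package part of a flattened 'package/class' component name."""
    return component.strip().split("/", 1)[0]

def parse_accessibility(setting):
    """Packages in a colon-separated enabled_accessibility_services value."""
    if not setting or setting.strip().lower() == "null":
        return set()
    return {package_of(c) for c in setting.split(":") if c.strip()}

def triage(accessibility_setting, device_admins, default_home, trusted=frozenset()):
    """Rank untrusted packages by which of the three privileges they hold."""
    held = {}
    for pkg in parse_accessibility(accessibility_setting):
        held.setdefault(pkg, set()).add("accessibility")
    for comp in device_admins:
        held.setdefault(package_of(comp), set()).add("device_admin")
    if default_home:
        held.setdefault(package_of(default_home), set()).add("default_home")
    findings = []
    for pkg, privs in held.items():
        if pkg in trusted:
            continue  # e.g. the stock launcher or the organisation's MDM agent
        if len(privs) == 3:
            severity = "critical"  # the full combination the article describes
        elif "device_admin" in privs and len(privs) == 2:
            severity = "high"      # two of the three, including device admin
        else:
            severity = "review"
        findings.append((pkg, sorted(privs), severity))
    return sorted(findings, key=lambda f: (ORDER[f[2]], f[0]))

# Constructed inventory: one app holds all three privileges.
SAMPLE_ACCESSIBILITY = "com.example.flashupdate/.Svc:com.example.screenreader/.Reader"
SAMPLE_ADMINS = ["com.example.flashupdate/.AdminReceiver", "com.example.mdm/.Admin"]
SAMPLE_HOME = "com.example.flashupdate/.Launcher"
SAMPLE_TRUSTED = frozenset({"com.example.mdm"})

if __name__ == "__main__":
    for pkg, privs, severity in triage(SAMPLE_ACCESSIBILITY, SAMPLE_ADMINS,
                                       SAMPLE_HOME, SAMPLE_TRUSTED):
        print(f"{severity:8} {pkg}: {', '.join(privs)}")
```

The `trusted` set should list the device's legitimate launcher and management agent so that only unexpected holders of these privileges are reported.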
The best way to remain unaffected by this kind of ransomware is to back up all data regularly. Even after being attacked by the ransomware, you can get your device back without paying the ransom by performing a factory reset.