ESET North America security researchers have identified a new ransomware on Android operating system. They have named this ransomware encrypted files DoubleLocker. This wicked ransomware not only encrypts all your data on your Android device, but also locks your device.
This ransomware misuses Android accessibility services via a banking trojan. However, DoubleLocker does not obtain your banking credentials and stealing your money. Instead this ransomware encrypts your device data, locks your device, and then requests a ransom payment.
This ransomware also has the ability to change your Personal Identification Number, locking you out of your device.
“Given its banking malware roots, DoubleLocker may well be turned into what could be called ransom-bankers. Two-stage malware that first tries to wipe your bank or PayPal account and subsequently locks your device and data to request a ransom… Speculation aside, we spotted a test version of such a ransom-banker in the wild as long ago as May, 2017,”
Lukáš Štefanko ESET security researcher
This ransomware encrypted files DoubleLocker is distributed via a phony Adobe Flash Player. Compromised websites are used to spread this fake software. This software once installed uses the Google Play service to obtain administrator rights permissions without your approval.
This ransomware hijacks the Home button, so that each time you click the Home button, the ransomware is activated. Once the DoubleLocker ransomware is activated then your Personal Identification Number is changed. You must then pay a ransom in order for this PIN to get changed by the perpetrators and your device unlocked.
Adding insult to injury perhaps, a second ransom is neccessary. Your Android device then suffers ransomware encrypted files via Advanced Encryption Standard algorithm. Again you must pay a ransom so that the perpetrators can decrypt your data.
This ransom costs around fifty dollars and you are warned you must pay within twenty four hours. There are security solutions that you can install on your Android to protect yourself from DoubleLocker. You can remove DoubleLocker by resetting your device back to factory.
However, you will loose your data, but unless you pay the ransom, you won’t be able to recover your data anyways.