An Android ransomware dubbed DoubleLocker locks a victim’s phone by changing the device’s PIN and encrypts all the data stored on the device. This makes it nearly impossible for victims to access their data without paying a ransom.
According to researchers, this ransomware is distributed via fake Adobe Flash Player apps spread through compromised websites. The ransomware asks the victim to grant it administrative permissions, which it then uses to activate device admin rights and set itself as the default home application.
Whenever the user taps the home button, the ransomware is activated and the device is locked again. The user is unaware that the malware is re-launched every time the home button is pressed.
The ransomware encrypts all files in the device’s primary storage directory using the AES encryption algorithm and appends the “.cryeye” extension to each encrypted file. Without the decryption key, which only the attackers hold, there is no practical way to recover the files.
The ransom, which must usually be paid within 24 hours, is 0.0130 BTC ($54), roughly Rs 4,000.
After WannaCry and Petya, malware developers have now struck Android with a new strain of ransomware. In the case of DoubleLocker, the attackers have used the simplest and most effective way to trick users: social engineering. Humans are the weakest link in cyber security, and the attackers have leveraged this weak link to compromise Android devices.
The central reason DoubleLocker is so damaging is that it grants itself device administrator permissions (normally used by antivirus and lost-phone apps). This permission gives the attacker complete remote control of the device, including features such as remote lock, wipe, locate, ring and password change.
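As an added illustration of the two footholds described above (device admin rights and the default home app), here is an audit routine, written for this article and not part of any real product, that an administrator could run from their own Android app to list unexpected device admins and check whether the current home app is a user-installed package. The trusted-admin allowlist is a placeholder assumption.

```java
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.content.pm.ResolveInfo;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/** Hypothetical audit helper: reports which apps hold device-admin rights and
 *  whether the default home (launcher) is a user-installed package. */
public final class DeviceAdminAudit {

    /** Assumed allowlist of packages permitted to be device admins; tailor to your fleet. */
    private static final List<String> TRUSTED_ADMINS =
            Arrays.asList("com.example.corp.mdm");   // placeholder package name

    /** Returns human-readable findings; an empty list means nothing unexpected. */
    public static List<String> run(Context ctx) {
        List<String> findings = new ArrayList<>();
        DevicePolicyManager dpm =
                (DevicePolicyManager) ctx.getSystemService(Context.DEVICE_POLICY_SERVICE);
        PackageManager pm = ctx.getPackageManager();

        // 1. Every active device admin not on the allowlist is reported.
        List<ComponentName> admins = dpm.getActiveAdmins();
        if (admins != null) {
            for (ComponentName admin : admins) {
                if (!TRUSTED_ADMINS.contains(admin.getPackageName())) {
                    findings.add("Unexpected device admin: " + admin.flattenToShortString());
                }
            }
        }

        // 2. Resolve the activity that handles the Home intent. DoubleLocker registers
        //    itself here so that pressing Home re-launches it; a non-system package in
        //    this role deserves a closer look.
        Intent home = new Intent(Intent.ACTION_MAIN).addCategory(Intent.CATEGORY_HOME);
        ResolveInfo res = pm.resolveActivity(home, PackageManager.MATCH_DEFAULT_ONLY);
        if (res != null && res.activityInfo != null) {
            ApplicationInfo app = res.activityInfo.applicationInfo;
            if ((app.flags & ApplicationInfo.FLAG_SYSTEM) == 0) {
                findings.add("Default home app is user-installed: " + app.packageName);
            }
        }
        return findings;
    }
}
```

Legitimate third-party launchers will also trigger the second check, so treat it as a prompt for review rather than proof of infection.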
Prevention, on the other hand, is rather simple. Think before you click! Users are advised not to click on pop-ups that ask them to install plugins or additional software. More importantly, read carefully the permissions you are granting an app. Never give device administrator permission to an application, even one downloaded from the official store, unless you are absolutely sure that you want to give the app’s owners complete remote access to your device.
Prevention is better than cure: back up your data regularly, as paying the ransom is not a guaranteed solution. Even if you pay the required amount, there is no assurance that the attackers will keep their promise and decrypt your files.
(Ankush Johar is Director of HumanFirewall.io, a cyber security solution provider)