Double Locker – Android-based ransomware

Double Locker is the latest addition to the list of ransomware threats and uses a dual-locking approach. It not only encrypts the user's data but also locks the user out of the device.
A renowned security research firm found this new Android ransomware, 'Double Locker', spreading through counterfeit applications. This two-stage malware not only encrypts the user's data on the Android device but is also able to change the security PIN code. Hence it is known as 'Double Locker'.
Double Locker attacks Android devices in two ways. First, it encrypts all data with the Advanced Encryption Standard (AES) and marks the encrypted files with the .cyreye file extension, which sets up the ransom demand. In addition, it blocks access to the device by changing the PIN code. According to the research, it is more advanced than other Android ransomware. It is the first ransomware that can take control of the device by abusing admin rights. After that, the malware installs itself as the default home app and continuously blocks the user from unlocking the device. Every time the user taps the home button, the ransomware is activated again.
Double Locker ransomware normally spreads through malicious websites, where the attackers disguise it as a Flash Player and lure victims into downloading the application. Once the victim logs in, they are pushed to download the fake Flash application, which is displayed in pop-ups. Streaming the videos might not be possible if the malicious Adobe Flash Player is not installed.

Figure 1: Double Locker Android-based ransomware

Remedy:
•    Use a trusted antivirus application.
•    Don't download applications from untrusted sources.
•    Pay close attention to the permissions requested when installing a new app.
•    Make regular full backups, and don't store sensitive information on your smartphone.
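
The two capabilities described above (admin rights and registration as the default home app) are declared in an app's manifest, so the permission check in the remedy list can be automated before an app is installed. The following is an added example, not code from the original article or the research firm: it flags that combination in a decoded AndroidManifest.xml. The sample manifest and package name are constructed, and a text-XML manifest (for instance one decoded with apktool) is assumed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest for illustration; not taken from a real sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakeplayer">
  <application>
    <activity android:name=".Main">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.HOME"/>
      </intent-filter>
    </activity>
    <receiver android:name=".Admin"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def names(node, tag):
    """Collect the android:name values of all <tag> elements under node."""
    return {e.get(ANDROID + "name") for e in node.iter(tag)}

def triage_manifest(xml_text):
    """Return sorted findings for device-admin and home-app declarations."""
    root = ET.fromstring(xml_text)
    findings = set()
    for rcv in root.iter("receiver"):  # device administrator receiver
        if (rcv.get(ANDROID + "permission") == "android.permission.BIND_DEVICE_ADMIN"
                and "android.app.action.DEVICE_ADMIN_ENABLED" in names(rcv, "action")):
            findings.add("device-admin")
    for act in list(root.iter("activity")) + list(root.iter("activity-alias")):
        for flt in act.iter("intent-filter"):  # can be set as default home app
            if ("android.intent.action.MAIN" in names(flt, "action")
                    and "android.intent.category.HOME" in names(flt, "category")):
                findings.add("home-launcher")
    if {"device-admin", "home-launcher"} <= findings:
        findings.add("lock-screen-takeover-combination")
    return sorted(findings)

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

Either finding alone is common in legitimate apps (device-management tools, launchers); it is the combination in an app that claims to be a media player that deserves a closer look.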