2017 was without a doubt the year of ransomware. Users and businesses worldwide had to cope with the fallout of massive campaigns such as Petya or WannaCryptor, and put up with damages that surpassed the multibillion mark. However, it wasn’t just PC ransomware that made headlines, as authors of Android malware were also looking for new revenue streams.
Misuse of Android’s Accessibility services – designed to help people with disabilities – has been one of the most cunning additions to the Android ransomware scene. Black-hats have also beefed up their efforts in extorting from victims.
Probably one of the most emblematic cases, demonstrating both of these behaviors, was a new ransomware family found by ESET researchers – dubbed DoubleLocker. Discovered in the last months of the 2017, it was also one of the most visible spikes in ransomware activity of the whole year.
However, as a whole, Android ransomware didn’t continue its growing streak from the past years. The amount of incidents had risen wildly up until 2016 and reached its peak in the first half of that year.
In 2017, we have observed a change to this trend and despite the continuously increasing amount of Android malware, the number of ransomware targeting this platform has lost some of its power.
But, and there is almost always a but, as shown by ESET LiveGrid® data, this decline might have only been temporary, with several Android ransomware detection spikes – including DoubleLocker – being observed towards the end of 2017.
To find out more about ransomware on Android, the nastiest variants of the past year, as well as the most noteworthy examples since 2013, read the new whitepaper by ESET: Android Ransomware: From Android Defender To Doublelocker.
written by Ondrej Kubovic, ESET We Live Security