Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

New Android Ransomware - DoubleLocker

 

Systems Affected


All Android Devices

Threat Level


High


Overview


Security researchers have identified a new kind of ransomware called DoubleLocker, which infects Android devices and encrypts the mobile phone and modifies its PIN also.


Description


As the ransomware performs a two-way action to lock the phone it is called DoubleLocker. It encrypts all the files and changes the PIN. Hackers demand 0.0130 bitcoins (approx.$73) as the ransom to decrypt the files and to reset the PIN. The ransomware is being distributed as a fake update of Adobe Flash while compromised websites are being used to spread it.


Impact


It encrypts data using the AES encryption algorithm through CRYEYE extension. The encryption is highly effective, and without the decryption key, it becomes impossible to unlock the files. The PIN is also changed effectively by setting it to a random number. Therefore, recovering access to the device is not possible. The PIN will be reset after the ransom has been paid and the device will be unlocked. Attackers give 24 hours deadline to the victims for payment of ransom.


Solution/ Workarounds


Avoid installing apps and software from untrusted third-party websites and choose reliable and authentic platforms only. t want to pay ransom amount, is to run factory reset.


References


https://www.hackread.com/new-android-ransomware-permanently-changes-pin-demand-ransom/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.