Double Locker is the latest addition to the list of ransomware threats that take a dual-locking approach: it not only encrypts the user's data but also locks the user out of the device itself.
A renowned security research firm found this new Android ransomware, ‘Double Locker’, spreading through counterfeit applications. This two-stage malware not only encrypts the user’s data on the Android device but is also able to change the device’s security PIN code, which is why it is known as ‘Double Locker’. Its code is derived from Android.BankBot.211.origin, a banking Trojan that pressures users into granting it the access permission it requests.
Double Locker attacks Android devices in two ways. First, it encrypts all data with the Advanced Encryption Standard (AES) and appends the .cyreye extension to the encrypted files, giving the attackers leverage for a ransom demand. Second, it blocks access to the device by changing the PIN code. According to the research, it is more advanced than other Android ransomware: it is the first ransomware able to take control of the device by abusing device administrator rights. Once it has them, the malware installs itself as the default home app and keeps the user from unlocking the device. Every time the user taps the home button, the ransomware is activated again.
Double Locker ransomware normally spreads through malicious websites that disguise it as a fake Flash Player and lure victims into downloading the application. Once the victim is on the site, pop-ups push them to download the fake Flash application, claiming that the videos cannot be streamed unless the malicious Adobe Flash Player is installed.
According to the experts, if the user has a backup of all the data on the infected device, the attack has little impact: a simple factory reset returns the device to normal. On devices without a backup, the data can still be recovered only if the device is rooted and has debugging mode enabled. If not, paying the ransom is the only remaining option to recover the data, which is not recommended since there is no assurance of getting the data back. Keeping a backup of all important data is the smarter option.