Android: DoubleLocker ransomware encrypts data and changes PINs

A new breed of Android ransomware has been discovered that hits victims with a double whammy. DoubleLocker not only encrypts data as all ransomware does, it also changes the PIN on the target device.  

DoubleLocker was discovered by security researchers at ESET. They say that the ransomware abuses Android accessibility settings, and is the first to use a double-lock approach. Based on previously released banking malware, it is though that a test version of DoubleLocker could have been in the wild since as early as May.

Despite the banking roots, the ransomware is focused purely on extracting money from victims as a ransom -- it is not capable of accessing banking details stored on a phone or tablet. DoubleLocker spreads as a fake version of Adobe Flash Player, and it uses a clever trick to ensure that it gets activated -- enabling accessibility services and then setting itself as the default home app.

Once active, DoubleLocker will first change the device's PIN to a random number. It is not stored on the target device, so there is no way to determine what it is. This is the first incentive for a victim to pay a ransom, and once this has been paid, the PIN can be remotely reset. Encrypting data using AES encryption algorithm, appending the extension ".cryeye" is the second incentive.

If you have a backup of your data, it is possible to remove the ransomware without having to cough up any money.  Otherwise, it will be next to impossible without wiping your phone to factory settings, which will result in loss of everything that is on your phone.  But not all is lost as most data these days, such as Gmail and Contacts are actually stored in the cloud and can be easily resync'd with your reset phone.  For other possible options on recovering your phone without your Pin, read this blog article: What if You Forget your Android Phone's Password?

Learn more here or call The Go To Tech Guru for assistance!
#news #android #virus&malware