2017 was without a doubt the year of ransomware. Users and businesses worldwide had to cope with the fallout of massive campaigns such as Petya or WannaCryptor, and put up with damages that surpassed the multi-billion USD mark. However, it wasn’t just PC ransomware that made headlines, as authors of Android malware were also looking for new revenue streams.
Misuse of Android’s Accessibility services – designed to help people with disabilities – has been one of the most cunning additions to the Android ransomware scene. Black-hats have also beefed up their efforts in extorting from victims.
Probably one of the most emblematic cases, demonstrating both of these behaviors, was a new ransomware family found by ESET researchers – dubbed DoubleLocker. Discovered in the last months of the 2017, it was also one of the most visible spikes in ransomware activity of the whole year.
However, as a whole, Android ransomware didn’t continue its growing streak from the past years. The amount of incidents had risen wildly up until 2016 and reached its peak in the first half of that year.
In 2017, we observed a change to this trend and despite the continuously increasing amount of Android malware, ransomware targeting this platform has lost some of its power.
But, and there is almost always a but, as shown by ESET LiveGrid® data, this decline might have only been temporary, with several Android ransomware detection spikes – including DoubleLocker – being observed towards the end of 2017.
To find out more about ransomware on Android, the nastiest variants of the past year, as well as the most noteworthy examples since 2013, read the new whitepaper by ESET: Android Ransomware: From Android Defender To Doublelocker.
If you want to find out more, you are very welcome to drop by the ESET booth - H41, located in hall 7, at this year’s Mobile World Congress that will be held in Barcelona, February 26th – March 1st, 2018.