DoubleLocker Android virus

DoubleLocker (which appends the .cryeye extension to the data it encrypts) is a ransomware virus that came as an unpleasant surprise to security researchers and Android users. Android ransomware infections are rare: we have observed only a few such threats. Cyber Police Android, New Unusual Android, and FBI Android viruses are the ransomware infections we have seen target Androids. All of them demand a ransom in exchange for a decryption tool. DoubleLocker crypto-malware takes advantage of Android’s accessibility service and launches every time the “Home” button is pressed. It appends the .cryeye extension to the encrypted files and is distributed as an update for Adobe Flash Player (DoubleLocker: Innovative Android Ransomware).
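The two behaviours just described, abuse of the accessibility service and re-launching on every press of the Home button, leave traces a defender can check on a device. The triage helper below is an added example, not code from the original article or from any researcher it cites; it parses the text a defender would obtain with `adb shell settings get secure enabled_accessibility_services` and the component that the HOME intent resolves to, and flags packages that are neither a known accessibility tool nor the stock launcher. The allow-lists, the sample values and the package names are constructed assumptions.

```python
"""Triage for accessibility-service abuse and a hijacked HOME activity.

Inputs are plain strings captured from a device; the sample values at the
bottom are constructed and do not come from a real infection.
"""

# Accessibility services a device owner expects to see enabled (assumption).
KNOWN_ACCESSIBILITY = {"com.android.talkback", "com.google.android.marvin.talkback"}
# Launchers that are normal defaults for the HOME intent (assumption).
KNOWN_LAUNCHERS = {"com.android.launcher3", "com.google.android.apps.nexuslauncher"}


def parse_accessibility_setting(value):
    """Split the colon-separated enabled_accessibility_services value into
    (package, service) pairs; an empty or 'null' value yields no entries."""
    value = value.strip()
    if not value or value == "null":
        return []
    pairs = []
    for entry in value.split(":"):
        pkg, _, svc = entry.partition("/")
        pairs.append((pkg, svc))
    return pairs


def flag_accessibility_abuse(value):
    """Packages with an enabled accessibility service that are not expected."""
    return [pkg for pkg, _ in parse_accessibility_setting(value)
            if pkg not in KNOWN_ACCESSIBILITY]


def flag_hijacked_home(component):
    """Return the package owning the HOME activity if it is not a known launcher."""
    pkg = component.strip().split("/")[0]
    return None if pkg in KNOWN_LAUNCHERS else pkg


def triage(accessibility_value, home_component):
    """Combine both checks into a list of human-readable findings."""
    findings = []
    for pkg in flag_accessibility_abuse(accessibility_value):
        findings.append(f"accessibility service enabled for unexpected package {pkg}")
    hijacked = flag_hijacked_home(home_component)
    if hijacked:
        findings.append(f"HOME intent resolves to non-launcher package {hijacked}")
    return findings


# Constructed sample captures; "com.example.fakeflash" is a placeholder name.
SAMPLE_ACCESSIBILITY = ("com.google.android.marvin.talkback/.TalkBackService:"
                        "com.example.fakeflash/.PlayerService")
SAMPLE_HOME = "com.example.fakeflash/.LockActivity"

if __name__ == "__main__":
    for finding in triage(SAMPLE_ACCESSIBILITY, SAMPLE_HOME):
        print("[!]", finding)
```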

It was first discovered by security researcher Lukas Stefanko, who posted about his discovery on Twitter. He also provided the sample he found, an .apk file (This is the most diabolical Android ransomware we’ve ever seen), which was detected as Troj.Banker.Androidos!c, Android.Trojan.Agent.PW, Android.Banker.184.origin and under other names.

DoubleLocker Android ransomware: most important information

DoubleLocker ransomware virus

Regarded as an exceptionally innovative ransomware virus, DoubleLocker originates from the code of one of the more frightening Trojan infections: the Svpeng virus. That Trojan has a reputation as a very efficient collector of banking account information, and once it has the credentials, Svpeng drains the accounts it managed to reach. However, even though DoubleLocker is based on this banking Trojan, the ransomware version is not capable of stealing money straight from victims’ accounts. Instead, it takes a different strategy.

DoubleLocker crypto-virus changes the PIN code of an infected device so that its owner can no longer access it (DoubleLocker: Innovative Android Ransomware). In addition to this inconvenient feature, the malware silently encrypts all files it finds on the Android device. A combination of a banking Trojan and a ransomware virus sounds awfully disturbing. Security researchers are predicting a new type of infection that could be called ransom-bankers. The first prototypes of such infections are said to have been noticed in May of this year, but no functional samples had been identified. DoubleLocker, however, could be considered the closest example with which to begin the discussion.

Lukas Stefanko, the discoverer of DoubleLocker ransomware, has stated that this infection could be turned into an even more frightening virus. Currently, the infection is considered well-polished: getting rid of the virus is quite difficult even in Safe Mode. After decompiling it, Stefanko found that the malware is capable of removing itself, shutting down the lock screen and resetting PIN codes.

DoubleLocker virus

File-recovery options

Android infections should not be underestimated. While only some people recognize the necessity of having security software on their computers, the situation is even worse for mobile phones. Users have very little interest in securing their phones and continue using them without any protection tool. This is a mistake.

If an Android device is properly secured with a quality scanner, DoubleLocker has very little chance of slithering inside, changing the PIN and locking files. The lock screen presents users with the main conditions. If they are not met, all of the files will remain encoded for good. However, paying 0.0130 BTC (approximately 73 USD) for file decryption is not a guarantee either. Hackers can leave the data damaged even if the required sum is sent to the indicated Bitcoin wallet.

Removal of DoubleLocker crypto-virus

Getting rid of DoubleLocker is a difficult task. It is only possible through a factory reset. According to ESET researchers, there is also a special option for users with rooted devices:

“For rooted devices, however, there is a method to get past the PIN lock without a factory reset. For the method to work, the device needed to be in the debugging mode before the ransomware got activated.
If this condition is met, then the user can connect to the device by ADB and remove the system file where the PIN is stored by Android. This operation unlocks the screen so that the user can access their device. Then, working in safe mode, the user can deactivate device administrator rights for the malware and uninstall it. In some cases, a device reboot is needed”.

Try these recommendations if you find yourself infected with the DoubleLocker virus. Please remember never to install Adobe Flash Player from unknown sources. However, this infection might be distributed by other methods as well. Therefore, we hope you won’t be caught up in other scams.
