Android Ransomware Numbers Went Down in 2017

[LASER_oneXM]

The number of ransomware infections on Android devices has gone down in 2017, according to an end-of-year report published by ESET last week.

Android ransomware numbers have been on a general decline since April 2016, when such infections reached their peak.

Nonetheless, mobile ransomware's decline in 2017 is somewhat of an oddity on the Android malware scene, where overall malware detections were at an all-time high, and when desktop ransomware was by far 2017's top cybercrime trend.

Researchers have not been able to pin the decline on any specific reasons, and the new security features introduced in the Android OS don't seem to have played a role, especially since very few users are running the latest security-hardened Android OS distributions.

DoubleLocker was 2017's most prominent new player
Overall, the Android ransomware scene has been the same in 2017 as in the previous year. Screen lockers (ransomware that shows a message over the screen preventing access to other apps), PIN lockers (ransomware that locks the screen with a special PIN), and crypto-ransomware (that encrypts files) have continued to make victims, with very few "technical innovations."

While old players like the Charger, Lockerpin, and Simplelocker families have continued to wreak havoc, especially on the Chinese market, ESET has also seen new strains.

The most important has been the DoubleLocker family, a new ransomware strain spotted last October. DoubleLocker sealed its place in the history of Android malware by becoming the first Android ransomware strain that (ab)used the Accessibility service to gain admin rights and infect users.