Watch Out For DoubleLocker Ransomware — Computer Tip of the Day

AE Technology Group
Nov 23, 2017
DoubleLocker Ransomware

It is always challenging to balance the need for security with the need for employees to BYOD (bring their own device) for work-related purposes or, in some cases, to use company-supplied portable smart devices while on the job.

If your employees use Android smartphones or tablets for work-related activities, then you'll want to raise awareness about a new ransomware that not only encrypts the user's phone or tablet data but also changes the PIN number, making it impossible for them to regain access to their device unless they pay a ransom.

How it Works

Dubbed "DoubleLocker", this new Android OS ransomware spreads by way of a fake Adobe Flash update found on a compromised website. If the phone or tablet user accepts the download, the fake app asks for activation of "Google Play Services". In doing so, it abuses a series of permissions belonging to the accessibility service functions that Google provides for users with disabilities. Once DoubleLocker is completely installed, it sets itself up as the default Home application. When a user attempts to use their phone again, they are greeted with a ransom note. The user is given 24 hours to pay about $73 to regain access to their phone or tablet.

Although this is not necessarily a large sum of money, it is disconcerting, to say the least, to know that a hacker is now in control of the device and its data. In addition, until the hacker receives payment, the employee cannot accomplish any work-related activities on that device, potentially resulting in lost revenue for their company.
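As an added example (not part of the original article), the Python audit below reads text captured from a managed Android device and flags any app that did not come from a trusted store yet holds either of the two roles described above: an enabled accessibility service or the default Home application. The sample output, the package names, and the `adb shell` collection commands in the comments are assumptions for illustration.

```python
# Text as captured from a managed device, e.g. with (assumed collection commands):
#   adb shell pm list packages -3 -i
#   adb shell settings get secure enabled_accessibility_services
#   adb shell cmd package resolve-activity --brief -a android.intent.action.MAIN -c android.intent.category.HOME
# Constructed sample output; the package names are made up.
PACKAGES = """\
package:com.example.notes  installer=com.android.vending
package:com.example.flashupdate  installer=null
package:com.example.reader  installer=com.android.vending
"""
A11Y = "com.example.flashupdate/.Svc:com.example.reader/.ReaderService"
HOME = "priority=0 preferredOrder=0 isDefault=true\ncom.example.flashupdate/.HomeActivity"
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Google Play only

def parse_packages(text):
    """Map package name -> installer (None when sideloaded or unknown)."""
    pkgs = {}
    for line in text.splitlines():
        fields = line[len("package:"):].split()
        if not line.startswith("package:") or not fields:
            continue
        installer = next((f.split("=", 1)[1] for f in fields[1:]
                          if f.startswith("installer=")), None)
        pkgs[fields[0]] = None if installer == "null" else installer
    return pkgs

def owners(text, sep):
    """Package names owning the 'pkg/.Class' components in a separated list."""
    return {c.split("/", 1)[0].strip() for c in text.split(sep) if "/" in c}

def audit(packages, a11y, home):
    """Return {package: [reasons]} for untrusted apps holding risky roles."""
    a11y_pkgs, home_pkgs = owners(a11y, ":"), owners(home, "\n")
    findings = {}
    for name, installer in parse_packages(packages).items():
        if installer in TRUSTED_INSTALLERS:
            continue  # store-installed apps are out of scope for this check
        reasons = []
        if name in a11y_pkgs:
            reasons.append("accessibility service enabled")
        if name in home_pkgs:
            reasons.append("set as default Home app")
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    for pkg, reasons in audit(PACKAGES, A11Y, HOME).items():
        print(f"REVIEW {pkg}: {', '.join(reasons)}")
```

A finding is a prompt for IT to review the device, not proof of infection, since legitimate sideloaded launchers or assistive apps will also match.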

Prevention is the Key

The best way to avoid larger issues from this ransomware and others is to ensure that employees work completely in the Cloud from their phone or tablet, so that no data is lost should their device ever become compromised. The device itself can be saved by performing a factory reset on it in order to avoid paying the ransom, but any data stored only on the device is lost during the reset process.

Additionally, training employees on what to look for with regard to the DoubleLocker ransomware is key, as is instructing employees to simply avoid installing any unknown applications or software on their devices. Instead, they should always check with their IT Support before downloading anything questionable.

Want to know more about protecting your organization from security threats? Contact us.
