I would love to be spending my time writing positive pieces about IT and the world of technology and believe me, there are many positive stories I could write. Unfortunately in the fast paced cyber world we find ourselves operating in, I am increasingly finding it necessary to forewarn our clients and friends on the latest threats to their IT systems and network enabled devices.  This piece will be of great interest to us Android lovers and looks at the increasing instances of ransomware attacks on Android devices.

Ransomware, as I’m sure most of you know by now is when cybercriminals gain access to your network enabled device and encrypt it or the vital files and folders contained within it. This usually happens after you have clicked on what you believe to be a legitimate link allowing their malicious code to infect your device. They then demand a payment or ransom to unlock your device. I recommend reading my piece “Ransomware – The Complete Survival Guide” if you would like some more information on this menace. Latest stats suggest that in 2017 there has been a 100% increase in the instances of reported ransomware attacks on Android devices.

Why Android and not Apple IOS?

As some of you may know, Android is in part, open source, meaning that  Google allows developers to play around with the code to develop custom ROMs (a lesson for another time) and many apps can easily be uploaded by developers to the Play Store. Android users can also download and install apps and games away from the Google Store by simple flipping the switch to – Install apps from “unknown sources”. IOS on the other hand is a closed system, totally controlled by Apple and all apps must be installed via the App Store.

So you would think that by only downloading apps from the official Google Play Store, your device will be fine. 

I would love to say that this is the case however, it is reported that an incredible 36.5 million Android devices have been infected by various malware infection from the Play Store itself. The majority of these infections are annoying adware infections but there is also a high percentage of info stealing malware and ransomware infections reported.

Android Ransomware Apps

The future of Android Ransomware appears to in the form of Ransomware as a Service (RaaS). RaaS is the process whereby those with the coding expertise create the malicious apps and sell them on to criminals. The criminals now only need a method of delivery to your device and by hiding the infection in seemingly innocuous apps they have a means of delivery.


Currently the Ransomware Apps are only available in the Chinese language, in large part down to the fact that the Google Play Store is blocked in China whereby by apps must be downloaded from “Unknown Sources” The image on the right shows the typical layout of the purchased Ransomware App or Malware Generation Kit. It has an easy to use interface that allows the following customisations.

  • The message that is to be displayed on the locked screen of the infected device
  • The key to be used to unlock the infected device
  • The icon to be used by the malware
  • Custom mathematical operations to randomise the code
  • Type of animation to be displayed on the infected device 



How to reduce your chances of an attack

I’ve said this before and I’ll say it again. There currently is no 100% protection from a ransomware attack simply because, it is the actions of the victim that allow the attack to take place. In order to greatly reduce your chances of attack we at recommend the following:

  • Install a trusted anti-virus solution on your device.
  • Backup your data regularly.
  • Avoid downloading from unknown sources or third party sites.
  • Pay attention to the permissions you allow when installing an app regardless of where you downloaded it from.
  • Check the ratings and read the reviews on apps you intend to download from the official Play Store.
  • Do not open email attachments or click on links from unknown sources.

Over the coming months you can expect to see an increase in the instances of ransomware attacks on Android devices as RaaS makes it so easy for criminals with little or no technical experience to target their victims. I would hope, like me, that you will not allow the cybercriminals to alter your views on Android devices. Our smartphones and tablets are now as powerful and functional as our laptop and desktop systems and as such, should be afforded the same level of security. You are only a victim, if you allow yourself to be one, so continue to get the most out of your portable devices for both work and play but be mindful of what you install and the permissions that you allow.