DoubleLocker Ransomware Targets Sri Lanka


If you’ve heard of names like WannaCry and Petya, then you’re not alone. This duo was responsible for a fair share of hindrances caused to systems all over the world. In case you were wondering, a ransomware is a type of malware that disables or limits a user from accessing his/her files (documents, data, applications) on a system. It does so by either locking the system’s screen or by locking the users’ files unless a ransom is paid. While there were a number of workarounds, (some of which involved full-scale system refreshes), you could get systems back up and running if you had all the necessary tools in place.

Ransomware is about about to get trickier

What if, rather than your PC or laptop, your phone was infected? According to an announcement by SLCERT (Sri Lanka Computer Emergency Readiness Team) Android smartphone users in Sri Lanka face a potential risk of being infected by a mobile ransomware. Called DoubleLocker, the ransomware is based on a banking Trojan and can be installed on an Android smartphone by means of a fake Adobe Flash Player application. These applications are commonly seen on suspicious websites riddled with ads and malware.

DoubleLocker Ransomware Sri Lanka
Image Credits: Wandera

Once it breaches an Android smartphone, the ransomware gets Device Administrator rights for itself (with the user’s consent) and then sets itself as the default home application. So each time you press the home button on your Android smartphone, the ransomware reactivates itself.

From there, the DoubleLocker ransomware can lock the victim’s phone, encrypt all data and even change the PIN on the phone. If you wish to unlock your data, you would then have to pay a ransom. This is via bitcoins. Even though paying by this method is an option, SLCERT strongly advises against carrying out payment as there’s no guarantee that your data would be unlocked.

Currently, the hackers are demanding a ransom of $54 (LKR 8,299.80) which is to be paid within 24 hours. Failure to pay on time will result in the data remaining encrypted, but not deleted. At least, for now.

How can I stay safe from DoubleLocker?

Well, the first course of action would be to install applications only from sources you trust such as the Google Play Store. This would alleviate a greater portion of the risk as third-party sources or websites can have the DoubleLocker ransomware hidden till a user visits that particular website. In addition, take a backup of all your important data and save it either to a physical location such as an external storage device or on the cloud via a cloud storage service such as Google, Dropbox or similar.

DoubleLocker Ransomware Sri Lanka
Performing a factory reset on an Android smartphone
Image Credits: Android Central

If your phone is infected with the DoubleLocker ransomware, do not proceed to make any payments. For now, the only way to get rid of the DoubleLocker ransomware is to perform a factory reset. You can consult your smartphone’s user manual on how to perform a factory reset or check it out online. If you have followed the earlier steps and backed up all your data, then performing a factory reset shouldn’t cause you to lose any data at all. Rather, it would just be a time-consuming process as you have to install all your apps from scratch.

We at ReadMe will also keep you posted with regards to the latest updates on DoubleLocker so stay tuned for more details.  



Please enter your comment!
Please enter your name here