New Version of Ransomware 'Kidnaps' Data On Android Phones


A new and sophisticated form of ransomware has been discovered which ‘kidnaps’ your data on Android phones. As reported by Phone Arena, the bad actor in this case will demand payment. Otherwise, they will publish the individual’s data publicly.

As has been widely reported, ransomware breaches are on the rise and could have major implications in the near future. One report suggests that as the months progress, ransomware issues could become increasingly problematic for businesses.

We have already seen a number of high-profile companies hit by ransomware attacks. The most recent were LG and Xerox, both of which faced breaches in the not too distant past.


This new ransomware looks to be less of a problem for businesses, although it is still ultimately a concern. Instead, this one looks to attack the individual more specifically, holding your data quite literally to ransom.

New ransomware ‘kidnaps’ your data

News emerged on October 8 that the Microsoft 365 Defender Research Team had written a report about the latest evolution of mobile ransomware.

The report noted that the Research Team “found a piece of a particularly sophisticated Android ransomware”. It reports “novel behaviour” which exemplifies “the rapid evolution of mobile threats”.


There are a few different forms of this particular type of ransomware. As mentioned, one threatens the publication of a user’s data publicly, whilst another threatens that the user will be locked out of their data in the future.

The report notes that this particular type of ransomware forms part of a family that has been out there for a while. However, since it became known, this family of ransomware has continually evolved.

This family exists on arbitrary websites and is circulated on online forums using various social engineering lures. It can impersonate popular apps, cracked games, or video players.


Sophisticated ransomware evades protections

The reason this form has gained so much attention is its ability to bypass many of the available protections out there. This means that there is little way of stopping it once it is out there.

Hackers have evolved to use the call and callback feature on Android to grab users’ attention. This method triggers the ransom note much more easily than other methods.

The Microsoft 365 Defender Research Team also believes that its evolution is far from over. They expect more iterations to come in the future, putting many of us at risk.


Tanmay Ganacharya, who leads the Microsoft Defender research team, left a warning for Android users. He said, “it’s important for all users out there to be aware that ransomware is everywhere”.

This should act as another stern reminder of the power and prevalence of ransomware. It now appears to have permeated into almost every part of our online world. We all now need to guard against its dangers.