One example of the LockerPIN variant.

Image Source: welivesecurity

LockerPIN targets Android OS and is distributed through software downloaded from third party app stores. It is disguised as a software update embedded in a fake video player and, once installed, it gains administrative privileges and changes the PIN code so the victim is no longer able to access the device. The new PIN code set by the ransomware is never revealed to the victim, even if the ransom is paid. It maintains persistence by preventing deletion and disabling antivirus software.

  • Information on how to remove LockerPIN from an Android device is available in post on Sensors Tech Forum, here. LockerPIN may not be able to be removed in all cases.