Android Nougat will stop password-reset ransomware

Ransomware shuts users out of their phones by changing the lock-screen password.
Written by Zack Whittaker, Contributor
(Image: CNET/CBS Interactive)

Android Nougat will come with a new security feature that prevents ransomware from locking users out of their own devices.

The new operating system, slated for public release later this year, will no longer allow users or software to invoke a command that clears already-set passwords. Instead of encrypting files like traditional ransomware, Android ransomware typically resets a user's lock-screen password, preventing the user from getting access to their own phone or tablet until they pay for the password's release.

Symantec's Dinesh Venkatesan, who published a write-up of the new security feature, said in a blog post that it "will not stop threats from setting the password on devices with no existing password".

A developer page confirmed the "resetPassword" function can only be used to set a password if one doesn't already exist.

In other words, now there's one more reason to set a password.

The policy change comes amid a wave of ransomware that evolved on the platform in the past year. A number of ransomware variants have hit the platform, tricking users into installing games or utilities, which later lock users out of their devices until they pay up.

Ransomware is said to be the "biggest" cybersecurity threat in recent times, after costing businesses and consumers millions of dollars worth of damage.

Editorial standards