Ransomwares on Android have become a challenging threat, performing tasks such as hijacking screen resources, locking devices, and encrypting files. Even worse, with the evolution of ransomwares, many ransomwares can disable USB interfaces of mobile devices. It is difficult for users to recover their devices or decrypt files with the help of other equipment and gives monetary damages to victims. In this paper, we analyse the symmetry between the ransom behaviours and the source code of screen resource hijacked ransomwares, devices locked ransomwares and files encrypted ransomwares. We also propose strategies of recovering hijacked resources, recovering hijacked devices and decrypting encrypted files. To protect mobile devices and private files from ransomwares, we design and implement an automatic recovery application—KRRecover—which is used to recover the hijacked devices and decrypt encrypted files on Android.

中文翻译：

---

KRRecover：Android设备上用于勒索软件劫持的设备和加密文件的自动恢复工具

Android上的勒索软件已成为具有挑战性的威胁，它执行诸如劫持屏幕资源，锁定设备和加密文件之类的任务。更糟糕的是，随着勒索软件的发展，许多勒索软件会禁用移动设备的USB接口。用户很难借助其他设备来恢复其设备或解密文件，并给受害者造成金钱损失。在本文中，我们分析了勒索行为与屏幕资源劫持勒索软件，设备锁定勒索软件和文件加密勒索软件的源代码之间的对称性。我们还提出了恢复被劫持资源，恢复被劫持设备和解密加密文件的策略。为了保护移动设备和私人文件免受勒索软件的侵害，