Ransomware is increasingly the hacker's tool of choice, and it's not just on PCs anymore -- Android devices have been under attack from malware like Cryptolocker and Simplelocker. Ransomware encrypts files on your hard drive or prevents you from accessing your device. After the malware is installed, the attacker demands payment in exchange for a decryption key to unlock your device. Find out how you can avoid Android ransomware and why you should be concerned about it.

How to avoid ransomware

When faced with ransomware, "The best defense is to be proactive," says Raj Samani, chief technical officer for the Intel Security Group. "Doing something now is better than being faced with doing something after the event."

Samani advises practicing good electronic hygiene:

Run security software
Do not open untrusted email attachments
Do not click untrusted links in emails or on websites
Download apps only from the Google Play App Store
Make sure you have good backups
If you do get held hostage by ransomware, unless the cyber security industry has managed to extract the decryption key for it, your best bet is to restore from backup.

Security apps like Avast Mobile Security or McAfee Mobile Security can watch for ransomware. See our guide for more tips on how to keep your Android device secure.

Ransomware: A growth industry

Ransomware is on the rise. Looking at just one industry in just this year, ransomware attacks have hit hospitals in California, Kentucky, and the Washington, DC, area. The feds are concerned enough for the FBI and the Department of Homeland Security to issue alerts on the growing threat.

The incidents of attacks are growing, experts say, and one reason why is that a ransomware campaign can be financially rewarding with little chance of arrest.

"This is a growth industry," says Raj Samani of the Intel Security Group. "The tools of the trade are accessible. People can make good money without strong technical skills." For example, Samani says, enterprising hacking sites are setting up affiliate programs, providing hackers with the tools to run a ransomware campaign in exchange for a cut of every ransom paid.

The Intel Security Group reported a 26 percent jump in ransomware samples in the last quarter of 2015, in part because of how easy it is to conduct campaigns.

And while Windows attacks have seen much of the media attention, Filip Chytrý, a researcher at Avast, reports that 200,000 of Avast's mobile customers encountered ransomware in 2015, with attacks growing by almost 6 percent this year. Chytrý says that mobile attacks are growing in number and sophistication, with Android malware often generating encryptions keys unique to each device. Once files are encrypted with a unique key, Chytrý warns, it is nearly impossible to decrypt. He adds that attackers are using virtual currency like Bitcoin for ransom payments, bypassing traditional banking and the possibility of tracing money transfers.

How ransomware gets on Android devices

In a recent security report, Google said that when ransomware lands on an Android device, it's almost always because the user was tricked into installing apps that aren't in the Google Play App Store. The app may come from a familiar-looking ad directing users to the malware, or through a link to a fake Flash or other media-player app that users download.

Google estimates that less than 0.5 percent of all Android devices had a potentially harmful application installed during 2015. Only 0.15 percent of devices using just the Google Play store had installed a potential harmful app.

In a more sophisticated ransomware attack, once the malware is on the Android device, it contacts a server, which generates an encryption key unique to that device. The decryption key is stored on the attacker's server, and the victim gets the key only if they pay up.

In a less sophisticated attack -- for example, where there's an encryption key for the entire campaign, not for each device -- a security company may be able to crack the encryption. But Avast's Chytrý estimates that 70 percent of recent attacks are uncrackable.