Comprehensive system to detect and prevent ransomware attacks for Android based devices
Abstract
Introduction: Ransomware attacks are increasingly targeting Android devices due to their open-source nature and widespread adoption. These attacks encrypt or lock user data, demanding payment for access restoration. Existing detection methods often fall short in terms of efficiency, accuracy, and real-time adaptability.
Objectives: This research proposes a novel system, RANDEC (Ransomware Detector for Android), which aims to detect and prevent ransomware infections on Android devices through a lightweight, hybrid static analysis-based approach.
Methods: RANDEC employs two key modules: (1) Permission Verification, which analyzes the AndroidManifest.xml for suspicious permissions commonly used by ransomware, and (2) Threatening Text Detector, which uses NLP and machine learning (Naive Bayes Classifier) to analyze textual content within APK files for threatening messages. The system integrates Python-based backend processing with a Java-based Android client.
Results: The RANDEC system was tested through two experiments: one with custom-built test applications containing ransomware traits, and another involving over 20,000 real-world Android devices. RANDEC successfully identified malicious traits with 98.54% accuracy across a test corpus of 370,000 apps, outperforming comparable models like DNA-Droid and R-PackDroid in terms of speed and detection rate.
Conclusions: RANDEC demonstrates an effective, scalable, and low-resource method to proactively detect and respond to Android ransomware threats. Its hybrid detection capabilities and server-assisted intelligence offer a robust solution suitable for broad deployment.
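The two static checks described under Methods can be sketched as follows. This is an added example, not RANDEC's code: the permission list, the sample manifest, the training strings and all function names are assumptions made for illustration, and the manifest is assumed to be already decoded from the APK's binary XML into text.

```python
import math
import re
import xml.etree.ElementTree as ET
from collections import Counter

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumption: the abstract does not list RANDEC's permissions; these are illustrative.
SUSPICIOUS = {"android.permission." + p for p in (
    "SYSTEM_ALERT_WINDOW", "RECEIVE_BOOT_COMPLETED", "WRITE_EXTERNAL_STORAGE", "KILL_BACKGROUND_PROCESSES")}
# Constructed sample manifest (text form).
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
</manifest>"""
TRAIN = [  # constructed training strings, far smaller than a real corpus
    ("your files have been encrypted pay to unlock your device", "threat"),
    ("your phone is locked send payment within 24 hours", "threat"),
    ("tap here to open settings and change your theme", "benign"),
    ("welcome back sign in to view your photos", "benign"),
]

def flagged_permissions(manifest_xml):
    root = ET.fromstring(manifest_xml)  # use a hardened XML parser on untrusted input
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    return sorted(requested & SUSPICIOUS)

def tokens(text):
    return re.findall(r"[a-z0-9]+", text.lower())

def train(samples):
    counts, docs = {}, Counter()
    for text, label in samples:
        counts.setdefault(label, Counter()).update(tokens(text))
        docs[label] += 1
    return counts, docs, {w for c in counts.values() for w in c}

def classify(model, text):
    counts, docs, vocab = model
    words = [w for w in tokens(text) if w in vocab]  # ignore words never seen in training
    scores = {}
    for label, c in counts.items():
        total = sum(c.values()) + len(vocab)  # Laplace-smoothed denominator
        scores[label] = math.log(docs[label] / sum(docs.values())) + sum(
            math.log((c[w] + 1) / total) for w in words)
    return max(scores, key=scores.get)

def scan(manifest_xml, strings, model):
    return {"permissions": flagged_permissions(manifest_xml),
            "threat_strings": [s for s in strings if classify(model, s) == "threat"]}
```

Calling `scan(MANIFEST, strings, train(TRAIN))` with the text strings extracted from an app returns both signals, so a caller can decide how to weigh a permission hit against a threatening-text hit.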