This kind of attack originates in Eastern Europe and first proliferated on PCs a few years ago. The scheme proved to be so successful, it was adapted to mobile devices. Since Android has more market share and is easier to penetrate than iOS, it became the target of choice for the malware community. In the last three weeks alone, more than 30,000 devices were infected by just one variant of the malware.
What's really insidious about this iteration of ransomware is that it doesn't always need you to explicitly install anything locally on your device. It infects devices by “drive-by download” - a method which leaves the victim unaware of any intrusion. The victim visits a website that hosts the malicious code, which then injects itself onto the user's device without any prompt. The method is so successful, it is actually used by the FBI and other intelligence and law enforcement agencies to monitor people who browse suspicious websites. Now, hackers are using it to extort innocent victims.
Newer iterations of ransomware not only lock your device, but give access to remote users to the device. This means that while your phone is hijacked, a malicious user can access your phone's data, use its camera, or make and take calls. Such developments are really worrisome and have inspired security firms to keep a close watch on the use and proliferation of the malware. In comparison, previous ransomware attacks were merely annoying by repeatedly opening your browser to a specific notice page.
Security experts warn to never grant administrative privileges to unrecognized applications and mind your browsing habits.