Where Android-based ransomware attacks were concerned, several old standbys were still seeing frequent use, including both Charger and SimpleLocker. The most prominent new player in 2017 was DoubleLocker, which was first seen in the wild last October. It is unique in that it was the first Android malware to take advantage of a vulnerability in the Accessibility service to gain admin rights and infect users.
Interestingly, Android-based banking Trojans have been abusing the Accessibility service for literally years. It's not immediately clear why hackers didn't begin using it as an attack vector where ransomware was concerned until the appearance of DoubleLocker. Now that it's on the scene, we can expect to see an increasing number of similar attacks.
In any case, given the fact that ransomware is poised to dominate the threat landscape in 2018, all users would do well to stay on their guard. The slight decline in ransomware attacks against Android users, (while a welcome sight), is probably going to be short-lived. If there's one thing you can be sure of, it is that 2018 will be another record-breaking year where hacking attacks are concerned.