Researchers Ohad Mana, Aviran Hazum, Bogdan Melnykov and Liav Kuperman said in a blog post that the Android malware was originally a Malware-as-a-Service (MaaS) botnet and dropper.
The added ransomware capabilities allow Lucy to gain control of infected devices, make changes and install new malicious applications.
When Lucy infects an Android device, it displays a note after installation that claims to be from the FBI. The note states that the user's details have been sent to the agency's Cyber Crime Department's Data Centre, and lists a number of offences allegedly committed by the victim.
The researchers said they had found more than 80 samples which were being distributed as social media links and instant messaging apps.
"Although we have not yet seen many mobile ransomware out there, we have observed an evolution," they said.
"Mobile ransomware is getting more and more sophisticated and efficient, as shown by Lucy, and this represents an important milestone in the evolution of mobile malware.
"Sooner or later, the mobile world will experience a major destructive ransomware attack."