Among the prevalent cyberattacks on Android devices, a ransomware attack is the most common and damaging. Although there are many solutions for detecting Android ransomware attacks, existing solutions have limited detection accuracy and high computational complexity. This paper proposes a new Android ransomware detection method based on traffic analysis to address the limitations. We exploit particle swarm optimization (PSO) to select traffic characteristics. Then, based on the selected traffic features, we classify the data traffic using decision tree and random forest classifiers. We examine ransomware cyberattacks in two distinct circumstances. In the first case, we find ransomware traffic; in the second, we locate a specific form of malware traffic among benign traffic. The proposed PSO-assisted feature selection enables the classifier to improve the detection accuracy significantly. The random forest is found to achieve the highest performance in detecting ransomware, whereas the decision tree is the best for detecting the types of ransomware. The accuracy improvements are 2.26% and 3.7% in the first and second scenarios, respectively. The proposed method removes 56.01% to 91.95% of the features. The proposed method convergences quickly as the optimization reaches an optimum value of about ten iterations.