ESET uncovers first Android file-encrypting piece of ransomware

Android/Simplocker malware allows hackers to hold users' devices to ransom

Malware researchers at security vendor ESET claim to have uncovered the first example of file-encrypting ransomware aimed at Android users.

In a blog post announcing the finding, the company said the Android/Simplocker malware works by scanning a user's smartphone or tablet for files to encrypt, before demanding a ransom to unlock them.

The file types targeted by the malware include jpeg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp and mp4.

Affected users are usually notified that their device has come under attack by a ransom message that is written in Russian and demands payment in Ukrainian hryvnias.

Robert Lipovsky, an ESET malware researcher, wrote in the blog: "It's fair to assume that the threat is targeted against this region.

"This is not surprising, the very first Android SMS Trojans back in 2010 also originated in Russia and Ukraine," he added.

The message accuses the device user of accessing and distributing child abuse images, as well as information about "other perversions", before issuing instructions about how to pay the ransom.

"After payment your device will be unlocked within 24 hours," the message states.

"In case of no payment, you will lose all data on your devices."

The researchers also discovered the malware keeps in contact with a Command & Control server, and sends identifiable information from the device back to it.

This server is also thought to notify the device once payment has been received, so that it can be unlocked.

"Our analysis of the Android/Simplock... revealed that we are most likely dealing with a proof-of-concept or a work in progress for example," Lipovsky continued.

"Nevertheless, the malware is fully capable of encrypting the user's files, which may be lost if the encryption key is not retrieved.

"While the malware does contain functionality to decrypt the files, we strongly recommend against paying up not only because that will only motivate other malware authors to continue these kind of filthy operations, but also because there is no guarantee that the crook will keep their part of the deal and actually decrypt them," he added.
