Android users warned against 'Simplelocker'
ESET warns against 'the first instance of a file-encrypting ransomware for Android'
Android users are being warned against file-encrypting ransomware which has been discovered by engineers at security solutions vendor, ESET.
According to ESET, once a device has been infected, the new trojan, called "Simplelocker" will scan the SD card for certain file types and then encrypt them. It then demands a ransom in order to decrypt these files.
The ransom message is displayed in Russian and says that the device was locked because the owner has viewed and distributed child pornography, zoophilia and other perversions, and encrypts files in the background. Payment is then demanded in Ukrainian hryvnias and asks the victim to pay using the MoneXy service as it is not as easily traceable as using a regular credit card.
Pradeesh VS, general manager at ESET Middle East has provided the following advice to Android users: "We encourage users to protect themselves against these threats by prevention - by using mobile security solutions such as ESET Mobile Security for Android - and adhering to best security practices, such as keeping away from untrustworthy apps and app sources.
"If they are unfortunate to already be infected, they should recover the files from a backup. Because when you have a backup, then any Filecoder Trojan - be it on Android, Windows, or any operating system - is nothing more than just a nuisance."
Simplocker will scan the SD card for files with any of the following image, document or video extensions: jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp, mp4 and encrypt them using AES. It will also contact its Command & Control server and send identifiable information from the device like its IMEI.
ESET estimates that Simplelocker's prevalence is low at this time but believes that this is most likely a proof-of-concept or a work in progress.