Android Ransomware Encrypts Files, Researchers Warn

Researchers have discovered what could be the first piece of Android ransomware that encrypts the user’s content on their mobile device before demanding a ransom payment so the victim can regain access to their files.

The new Android Ransonware was discovered by Robert Lipovsky, a researcher from ESET, who posted about the new threat, and outlined the previous examples of Android ransomware.

“The situation has changed however, with this most recent discovery, last weekend, of an Android trojan, detected by ESET as Android/Simplocker,” said the researchers. “This malware, after setting foot on an Android device, scans the SD card for certain file types, encrypts them, and demands a ransom in order to decrypt the files.”

Android/Simplocker

According to Lipovsky, the ransomware scans images, documents and video extensions and locks the files up with AES 256-bit encryption. This is first time encrypting ransonware has appeared on Android devices, which is similar to Windows ransomware such as Cryptolocker.

Android/Simplocker however displays a message in Russian which demands a payment of approximately $21 (£12.54). According to Lipovsky, because the payment demand is in Ukrainian hryvnias, the threat is likely targeted against this region.

“Warning, your phone is locked,” says the ransom demand. “The device is locked for viewing and distribution child pornography, zoophilia and other perversions.”

To unlock you need to pay 260 UAH,” the note reads, before providing payment details. “In case of no PAYMENT YOU WILL LOSE ALL DATA ON your device!” It promises to unlock your device within 24 hours if payment is made.

And interestingly, it seems that Android/Simplocker.A will also contact its Command & Control server hosted on a TOR domain, and send identifiable information from the device such as IMEI numbers, device models, product and hardware manufacturers, and operating system versions.

Lipovsky says that the ransonware was detected on an app called ‘Sex xionix’, but because this was not found on the official Google Play store, its prevalence should be very low.

It is not clear at this stage what versions of Android are vulnerable.

Android Danger?

Last month, BitDefender Labs warned that a new piece of Ransomware known as Koler.A is affecting Android smartphones and tablets. Users browsing porn websites are apparently tricked into installing the application, which poses as a premium video player under the name “BaDoink”.

Once installed, Koler.A uses the device’s IMEI number to find the device’s home location, and sends a message purporting to come from a local police force, which claims the user has accessed “banned pornography” including child porn, and demanding $300 to reactivate the phone.

Earlier this week, Apple’s CEO Tim Cook used his keynote speech at Apple’s Worldwide Developers Conference (WWDC) in San Francisco to lambast Android, saying that many Android users were not using the latest Android OS, which exposes them to all types of security risks because Android “dominates the mobile malware market.”

Are you a security pro? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago