Menu
File-encrypting Android ransomware 'Simplocker' targets English-speaking users

File-encrypting Android ransomware 'Simplocker' targets English-speaking users

The malware was updated to use FBI-themed alerts and encrypt backup files, researchers from ESET said

A ransomware threat that encrypts files stored on the SD memory cards of Android devices has been updated to target English-speaking users with FBI-themed alerts.

The malware app is called Simplocker and was first identified by security researchers from antivirus vendor ESET in early June. At the time it was the first malicious program for Android devices that used file encryption to extort money from victims.

The original variant was indicative of a work in progress and displayed ransom notes exclusively in Russian, but that has changed recently. Simplocker is now being sold on underground forums and actively distributed to users, so it's no longer just a proof of concept, the ESET security researchers said Tuesday in a blog post.

A new variant found recently displays a message to victims in English that masquerades as an alert from the U.S. Federal Bureau of Investigation about illegal pornographic content being found on the device. The victims are instructed to pay a so-called fine of US$300 through a payment service called MoneyPak.

In addition to expanding the pool of potential victims by adding English language support, the new Simplocker version also has some other improvements, the ESET researchers said.

The previous list of file types encrypted by the malware included mostly images and documents. The new version also encrypts archive files with the .zip, .7z and .rar extensions.

"Many Android file backup tools (which we strongly recommend, by the way) store the backups as archive files," the ESET researchers said. "In case the user has become infected with Android/Simplocker.I, these backups will be encrypted as well."

So not only will users lose access to their documents and pictures, but they will be unable to restore them from backups stored on the same SD card.

The malware installer masquerades as a Flash video player application and requests to be granted device administrator permissions. This makes the new Simplocker much harder to remove once installed.

The good news is that Simplocker's authors haven't improved their encryption implementation, which relies on a hardcoded key and can therefore be undone. The new variant uses a different key than the original versions, but users are still able to recover their files without paying.

ESET has updated their free Simplocker Decryptor tool to add support for files encrypted by the new malware variant.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags mobile applicationsAndroid OSsecuritymobile securitymobileesetmalware

Slideshows

Meet the leading HP partners in New Zealand...

Meet the leading HP partners in New Zealand...

HP has recognised its top performing partners in New Zealand at the second annual 2016 HP Partner Awards, held at a glittering bash in Auckland. The HP Partner Awards recognises and celebrates excellence, growth, consistency and engagement of its top partners. This year also saw the addition of several new categories, resulting in 11 companies winning across 11 award categories.

Meet the leading HP partners in New Zealand...
Channel comes together as Ingram Micro Showcase hits Auckland

Channel comes together as Ingram Micro Showcase hits Auckland

Ingram Micro outlined its core focuses for 2017 at Showcase in Auckland, bringing together the channel for a day of engaging keynotes, compelling breakout sessions and new technologies.

Channel comes together as Ingram Micro Showcase hits Auckland
Show Comments