Menu
File-encrypting Android ransomware 'Simplocker' targets English-speaking users

File-encrypting Android ransomware 'Simplocker' targets English-speaking users

The malware was updated to use FBI-themed alerts and encrypt backup files, researchers from ESET said

A ransomware threat that encrypts files stored on the SD memory cards of Android devices has been updated to target English-speaking users with FBI-themed alerts.

The malware app is called Simplocker and was first identified by security researchers from antivirus vendor ESET in early June. At the time it was the first malicious program for Android devices that used file encryption to extort money from victims.

The original variant was indicative of a work in progress and displayed ransom notes exclusively in Russian, but that has changed recently. Simplocker is now being sold on underground forums and actively distributed to users, so it's no longer just a proof of concept, the ESET security researchers said Tuesday in a blog post.

A new variant found recently displays a message to victims in English that masquerades as an alert from the U.S. Federal Bureau of Investigation about illegal pornographic content being found on the device. The victims are instructed to pay a so-called fine of US$300 through a payment service called MoneyPak.

In addition to expanding the pool of potential victims by adding English language support, the new Simplocker version also has some other improvements, the ESET researchers said.

The previous list of file types encrypted by the malware included mostly images and documents. The new version also encrypts archive files with the .zip, .7z and .rar extensions.

"Many Android file backup tools (which we strongly recommend, by the way) store the backups as archive files," the ESET researchers said. "In case the user has become infected with Android/Simplocker.I, these backups will be encrypted as well."

So not only will users lose access to their documents and pictures, but they will be unable to restore them from backups stored on the same SD card.

The malware installer masquerades as a Flash video player application and requests to be granted device administrator permissions. This makes the new Simplocker much harder to remove once installed.

The good news is that Simplocker's authors haven't improved their encryption implementation, which relies on a hardcoded key and can therefore be undone. The new variant uses a different key than the original versions, but users are still able to recover their files without paying.

ESET has updated their free Simplocker Decryptor tool to add support for files encrypted by the new malware variant.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags mobile applicationsAndroid OSsecuritymobile securitymobileesetmalware

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments