Η ESET has announced that engineers have identified a new, dangerous one ransomware for Android. It Android / Simplocker, encrypts archives in SD card and then seeks a ransom to decrypt them.
Below are information from the press release of the company.
As long as the encryption is done, at screen the device appears one message in Russian, which informs the Android user that his device is in place violated and are required 260 Hryvnia Ukraine, about 16 euro, to regain control.
Android / Simplocker.A scans the device's SD card for files jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp, and mp4.
At the same time, he will send to his own Command & Control server detectable device information (such as IMEI, etc.).
The paradox, compared to previous examples of ransomware in Windows, is that there is no code input field for confirmation of payment, on the contrary, malicious software obeys ordered by C&C server to decrypt the files, most likely after the payment has been made.
ESET experts have analyzed sample the attack in the form of one application called "Xionix Sex". Application not found in official Google Play, a fact which, according to thepricethem, means that its spread is still very small.
As the malware has no the functionality to decrypt files, ESET advises users to do not proceed to payment of the ransom, since it does not exist no warranty that cyber criminals will keep their word and decipher the data.
On the contrary, it encourages the use of strong solutions, such as the ESET Mobile Security, to shield the Android device, and backup the data, as this way the user does not risk losing any file from any similar trojan.
For more information and more detailed analysis of the ransomware, those interested can visit the blogpost www.welivesecurity.com/2014/06/04/simplocker/.
Source: e-pcmag.gr
