Η ESET has announced that engineers have identified a new, dangerous one ransomware for Android. It Android / Simplocker, encrypts files to SD card and then seeks a ransom to decrypt them.
Follow information from the company's Press Release.
As long as the encryption is done, at screen the device appears one message in Russian, which informs the Android user that his device is in place violated and are required 260 Hryvnia Ukraine, about 16 euro, to regain control.
Android / Simplocker.A scans the device's SD card for files jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp, and mp4.
At the same time, he will send to his own Command & Control server detectable device information (such as IMEI, etc.).
The paradox, compared to previous examples of ransomware to Windows, is that there is no code input field for confirmation of payment, on the contrary, malicious software obeys ordered by C&C server to decrypt the files, most likely after the payment has been made.
ESET experts have analyzed sample the attack in the form of one application called "Xionix Sex". Application not found in official Google Play, which, according to their estimates, means that its spread is still very small.
As the malware has no the functionality to decrypt files, ESET advises users to do not proceed to payment of the ransom, since it does not exist no warranty that cyber criminals will keep their word and decipher the data.
On the contrary, it encourages the use of strong solutions, such as the ESET Mobile Security, for the protection of the Android device, and backup of the data, since thus the user δεν κινδυνεύει να χάσει κανένα αρχείο από κανένα ανάλογο trojan.
For more information and more detailed analysis of the ransomware, those interested can visit the blogpost www.welivesecurity.com/2014/06/04/simplocker/.
Source: e-pcmag.gr