
New Russian Android malware encrypts files on SD cards, accuses users of child porn use, demands ransom

Callum Tennent
June 5, 2014

Ransomware is a nasty new trend in the Android malware circuit, and this latest instance is one of the worst seen yet. Users infected with the virus will find files stored on their Android device’s microSD card encrypted, and the only way to unlock them is to send an anonymous payment to the crooks behind the scheme.

Files ending with the following common extensions are known to have been compromised: jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp and mp4. Once affected you’ll notice that they now end with a second extension – .enc.
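To gauge how many files on a card show this pattern, the added example below (not from the article or from ESET) walks a directory and lists files named `<name>.<ext>.enc` where `<ext>` is one of the extensions above. It assumes the card's contents are mounted or copied to a local directory; a matching name indicates the renaming pattern only and says nothing about the file's contents.

```python
import os
from collections import Counter

# Extensions the article lists as targeted; ".enc" is the suffix it describes.
TARGETED = {"jpeg", "jpg", "png", "bmp", "gif", "pdf", "doc", "docx",
            "txt", "avi", "mkv", "3gp", "mp4"}
MARKER = ".enc"


def original_extension(filename):
    """Return the targeted extension if filename is '<name>.<ext>.enc', else None."""
    lower = filename.lower()          # card filesystems are usually case-insensitive
    if not lower.endswith(MARKER):
        return None
    stem = lower[:-len(MARKER)]       # e.g. "photo.jpg"
    base, dot, ext = stem.rpartition(".")
    # Require a real second extension: "notes.enc" or "x.zip.enc" do not match.
    if dot and base and ext in TARGETED:
        return ext
    return None


def scan(root):
    """Walk root; return (sorted matching paths, Counter keyed by original extension)."""
    hits, by_ext = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = original_extension(name)
            if ext is not None:
                hits.append(os.path.join(dirpath, name))
                by_ext[ext] += 1
    return sorted(hits), by_ext


if __name__ == "__main__":
    import sys
    # Directory to scan: a mounted card or a copy of it (assumed path from argv).
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    hits, by_ext = scan(root)
    for path in hits:
        print(path)
    print(f"{len(hits)} file(s) match; by original type: {dict(by_ext)}")
```

Run it against a read-only mount or a copy of the card so that the listing itself does not alter any timestamps you may later need.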

So far the only devices to have been affected are from the Eastern European region, with the ransomware itself believed to be of Russian or Ukrainian origin. ESET, the antivirus company which first identified it, has named it ‘Android/Simplock.A’.

When you open the malicious app a message pops up in Russian. Translated into English it says:

“WARNING your phone is locked! The device is locked for viewing and distribution child pornography, zoophilia and other perversions. To unlock you need to pay 260 UAH.

1. Locate the nearest payment kiosk.

2. Select MoneXy

3. Enter {REDACTED}.

4. Make deposit of 260 Hryvnia, and then press pay.

Do not forget to take a receipt!

After payment your device will be unlocked within 24 hours.

In case of no PAYMENT YOU WILL LOSE ALL DATA ON your device!”

‘UAH’ stands for Ukrainian hryvnias, Ukraine’s currency, and 260 UAH is the equivalent of roughly £13. It’s recommended that you don’t pay this fee should you end up infected: on top of encouraging scammers, there is no guarantee that the hackers will relinquish your files.

The particularly crafty aspect of this ransomware is that it’s nearly untraceable. It communicates with your phone via a server located on the Tor network – otherwise known as the ‘deep web’. Existing out of sight of the mainstream internet’s prying eyes, it is incredibly difficult to locate.

If you’re worried about infecting your device with viruses such as this one, then a sure-fire way to stay safe is to only download apps from the Google Play and Amazon app stores. If you do that, and keep them up to date in a timely fashion, then you should have nothing to fear.
