Thursday, May 29, 2014

SD-locking, Tor-enabled ransomware hits Android

A new file-encrypting ransomware that can encrypt even the contents of SD cards is targeting devices running Google's Android operating system, a tech site reported.
ESET said the mobile Trojan, dubbed Android/Simplocker, scans the SD card for certain file types, then encrypts them and demands a ransom.
"The ransom message is written in Russian and the payment demanded in Ukrainian hryvnias, so it’s fair to assume that the threat is targeted against this region. This is not surprising, the very first Android SMS trojans (including Android/Fakeplayer) back in 2010 also originated from Russia and Ukraine," it said.
ESET said its analysis of the Android/Simplocker.A sample indicates the malware is still a proof-of-concept or a work in progress.
Still, it said the malware is "fully capable of encrypting the user’s files, which may be lost if the encryption key is not retrieved."
Investigation shows the Trojan will display a message claiming the device is "locked for viewing and distribution child pornography, zoophilia and other perversions."
To have the device unlocked, the user is told to pay 260 UAH, after which the files are to be released within 24 hours.
ESET also said Android/Simplocker.A will contact its command-and-control (C&C) server to send information from the device, such as the IMEI.
The C&C server is hosted on a Tor .onion domain "for purposes of protection and anonymity."
Don't pay up
"While the malware does contain functionality to decrypt the files, we strongly recommend against paying up – not only because that will only motivate other malware authors to continue these kinds of filthy operations, but also because there is no guarantee that the crook will keep their part of the deal and actually decrypt them," ESET said.
Instead, it urged users to resort to prevention and defensive measures, including using an antivirus app and keeping away from untrustworthy apps and app sources.
"And if you keep current backups of all your devices then any ransomware or Filecoder trojan – be it on Android, Windows, or any operating system – is nothing more than a nuisance,"
