A new malware found on Android devices is locking photos, videos, documents and other files saved on the device and demanding ransom for decrypting them.
Android device owners in Eastern Europe are the new victims of malware that encrypts photos, videos and documents and then demands a ransom to unlock them. The infection, called Simplocker, was first discovered by Robert Lipovsky of antivirus provider Eset and detailed in the company's blog last Wednesday. Several media organizations picked up the report because Simplocker is the first file-encrypting, Tor-enabled ransomware for Android.
According to the report, the Simplocker ransomware scans SD cards for files in formats including jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp and mp4, and encrypts them using AES. Following the hack, the malware displays a message in Russian asking for 260 UAH (Ukrainian hryvnia), equivalent to $21, to unlock the device. The message also accuses users of crimes such as downloading illegal software, and threatens to report them to the authorities and delete all data on the device. The crooks demand that the payment be made at a payment kiosk to unlock the device within 24 hours.
Since most device owners might be tempted to fulfill the demand, Lipovsky urges users not to pay any ransom to the anonymous hackers. It is also unclear whether paying the ransom has decrypted users' phones.
"We encourage users to protect themselves against these threats using prevention and defensive measures," Lipovsky warned users in his blog. "Adhering to security best practices, such as keeping away from untrustworthy apps and app sources, will reduce your risks. And if you keep current backups of all your devices then any ransomware or Filecoder trojan - be it on Android, Windows, or any operating system - is nothing more than a nuisance."
As the malware puts users' most valuable data at risk, a report from Sophos said that the device can be restored by rebooting into safe mode. Once in safe mode, users must navigate to Settings and select Apps to view all third-party applications, then uninstall the malicious app. They should then restart the phone normally and run a security scan using reputable anti-virus software.
Eset and Sophos have strongly warned users against downloading apps from outside the Google Play Store and against allowing installs from sources other than Google.
The news of the Android malware comes less than two weeks after Apple device owners in Australia reported a hack that also demanded ransom. Users were locked out of their iPhones, iPads and Mac computers and were asked to pay $50 via PayPal to unlock their devices. No link between the Australian hack and the latest one in Eastern Europe has been reported.