Ransomware Holds Files Hostage on Android for the First Time

The Citizen's Guide to the Future
June 9 2014 12:53 PM

You could have to bargain for your precious moose on a highway footage.

Photos from Total Commander.

There's a new type of Android malware out there, and it could make a Lindbergh baby-scale situation out of your contacts list and otter gifs. A new ransomware trojan encrypts the data on a smartphone or tablet so even the device's owner can't access them—and then demands money to decrypt and release the data.

Lily Hay Newman

Lily Hay Newman is lead blogger for Future Tense.

The malware, dubbed Android/Simplocker, seems like it's currently only circulating in Eastern Europe, because, as Ars Technica points out, its notifications are in Russian, and it prompts the user who has been hacked to pay the ransom in Ukrainian hryvnias.

According to Robert Lipovsky, a cybersecurity researcher for the Internet security company Eset, Android/Simplocker may not be fully functional and could be a first attempt rather than a fully formed and tested assault.

When the ransomware is installed, it says:

WARNING your phone is locked!
The device is locked for viewing and distribution child pornography , zoophilia and other perversions.
To unlock you need to pay 260 UAH.
1. Locate the nearest payment kiosk.
2. Select MoneXy
3. Enter {REDACTED}.
4. Make deposit of 260 Hryvnia [about $22], and then press pay.
Do not forget to take a receipt!
After payment your device will be unlocked within 24 hours.
In case of no PAYMENT YOU WILL LOSE ALL DATA ON your device!

The malware is looking for jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp, and mp4 files to encrypt and hold hostage, and it's not clear that the files actually get restored once a user pays the ransom. A post from the security company Sophos says that the malware can be removed manually by rebooting into safe mode, but the encrypted files will be gone forever. It might also be possible to find the decryption key for the files within the malware itself, but it would be complicated.

If you have an Android phone, make sure that you're backing up your files and that you're staying away from sketchy apps in Google Play. Malware can lurk anywhere.

Future Tense is a partnership of Slate, New America, and Arizona State University.