Experts Discover File-Encrypting Android Ransomware
June 5, 2014 – 5:30 AM
Security vendor ESET claims to have discovered the first ever piece of file-encrypting Android ransomware, which has an associated C&C server hosted on a TOR domain to hide its location.
The malware, detected by the vendor as ‘Android/Simplocker’, is most likely a work in progress as the implementation of the encryption “doesn’t come close” to the notorious Cryptolocker Windows ransomware that hit the headlines recently, ESET malware researcher Robert Lipovsky wrote in a blog post.
“Nevertheless, the malware is fully capable of encrypting the user’s files, which may be lost if the encryption key is not retrieved,” he added.
“While the malware does contain functionality to decrypt the files, we strongly recommend against paying up – not only because that will only motivate other malware authors to continue these kinds of filthy operations, but also because there is no guarantee that the crook will keep their part of the deal and actually decrypt them.”
Once downloaded, Simplocker scans the Android device’s SD card for various file types – including jpeg, avi and mkv – encrypts them and demands a ransom from the user to decrypt them.