Simplocker Android ransomware variant identified, tougher to decrypt files

February 10, 2015 – 5:50 PM

A new and improved variant of Simplocker ransomware for Android devices is currently being distributed, according to Avast.

When Simplocker was first identified in June 2014, it was considered possibly the first ransomware for Android devices that encrypts files. However, the encryption key was hardcoded inside the malware and was not unique for each device, meaning the so-called “master key” could simply be used to unlock any infected device without paying the ransom.

That is not the case anymore.

“This new variant has a more sophisticated way to encrypt the files inside the device,” Nikolaos Chrysaidos, Avast mobile malware analyst, said in a Tuesday email correspondence. “It generates a unique key for each device that it infects, making it more difficult to decrypt the files on each device.”

The latest variant of Simplocker infects users when they navigate to less-than-reputable websites and are alerted that they have to download a “Flash Player” to watch videos, a Wednesday post indicates. Once the app is installed and opened, the “Flash Player” requests administrator privileges that, when granted, activate the ransomware.

