Live Chat

Welcome to UKFast, do you have a question? Our hosting experts have the answers.

Chat Now
Sarah UKFast | Account Manager

Android Ransomware Encrypts SD Card Files

A security firm has said they have found the first case of ransomware that encrypts files held by Android devices.

According to the firm Eset, the Trojan Simplelocker targets SD cards slotted into tablets and handsets, scrambling the data before demanding cash to decrypt it.

The message is said to be in Russian and the payment is requested in a Ukrainian currency.

Dr Steven Murdoch of the University of Cambridge's computer laboratory said: "File-encrypting malware has proved to be a lucrative criminal enterprise so it is unsurprising that Android has become a new target.

"Smartphone users should be very cautious of installing software from sources other than the operating system-provided application store, and should pressure their phone supplier to promptly provide security updates to defend against known vulnerabilities."

Security firm Eset, based in Slovakia, said owners of the android device were presented with messages saying their phone had been locked because they had watched "child pornography , zoophilia and other perversions".

The message then went on to instruct the victims to pay out 260 hryvnias ($22, £13) via the Ukrainian MoneXy cash transfer system.

The message added: "After payment your device will be unlocked within 24 hours. In case of no PAYMENT YOU WILL LOSE ALL DATA ON your device!"

Security researcher, Robert Libovsky said: "Our analysis... revealed that we are most likely dealing with a proof-of-concept or a work in progress - for example, the implementation of the encryption doesn't come close to 'the infamous Cryptolocker' on Windows."

"Nevertheless, the malware is fully capable of encrypting the user's files, which may be lost if the encryption key is not retrieved.

"While the malware does contain functionality to decrypt the files, we strongly recommend against paying up - not only because that will only motivate other malware authors to continue these kinds of filthy operations, but also because there is no guarantee that the crook will keep their part of the deal and actually decrypt them."

print this article

Return to internet news headlines
View Internet News Archive

Share with: