Android Gets Hit With First Ever Ransomware: simplocker
Less than a month ago a new ransomware called simplocker was detected. This is Android’s first form of crypto-ransomware. The idea of ransomware is that once it is downloaded to an android device it secretly encrypts files stored on the SD card.
Once the SD card is encrypted the phone is locked and the owner of the android device will see a warning message that says their phone has been used for illegal activity and will remain locked until the user pays $300. Once the ransom is paid the users will have their phones unlocked and information restored within 24 hours. According to slate.com the notifications for the warnings are in Russian.
In May simplocker was being sold on a virus writer’s website forum for $5,000. Now there are 30 variations on this Trojan that have mostly hit European countries. Although it has also been reported in Canada, Singapore and South Korea.
A user of an Android device can download simplocker without even knowing it. According to arstechnica.com. Simplocker can pretend to be an app called “Sex xionix” a game or a custom media player that are available for download through different websites.
If you are suspicious about downloading an app look at how many downloads it has, the fewer downloads the less secure the app. Also look at the developer accounts, if the account seems insufficient don’t download the app.
Once downloaded the ransomeware part of simplocker’s code takes over. It is able to encrypt images, documents, movies and other information that is stored on to an Android device. People who don’t use removable storage cards on their devices are not at risk for file encryption by simplocker but are still vulnerable to have their phone locked.
It is becoming difficult to trace the server’s physical location and to determine who is operating the simplocker. The worst part is that there is no built in mechanism for verifying if the payment was ever received. So the criminals operating it send individual unlock commands to each android device. But there is no way of telling if the criminals will in fact unlock the device. I guess you just have to trust that they will.
There is however hope for android users. This encrypting Trojan isn’t fool proof. There are way to keep your android device and information safe. Android users who have been affected by the ransomware can try rebooting into safe mode, you will be able to use your android device just not have access to the encrypted information.
If you are an android user who hasn’t been affected remember to constantly back up your Android device. Treat it like your computer. Backing up your information could help save it and keep your android encryption free. You can also use google auto to have all of your photos backed up from your phone or try using the cloud for storing your information. You can also download security apps like Bitdefender Mobile that can keep your Android guarded.