Latest IT Articles

ESET Discovers Android File-Encrypting Ransomware

Ever wondered why we recommend ESET to our clients? It’s not just because it is the only antivirus never to have missed an in the wild virus, it’s because ESET is proactive in all areas of security and has a fantastic in-house research team to keep them up to date on the latest threats.

Only the other week one of ESET‘s engineers discovered the mobile Trojan, Android/Simplock. This latest threat is a file-encrypting ransomware for Android phones. Once it has been downloaded it scans the SD card for certain types of files (any of the following image, document or video extensions: jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp, mp4 and encrypt them using AES), encrypts them and then demands a ransom to decrypt the files.

The victim’s first indication of the Trojan is a ransom message, whilst it encrypts the files in the background. The message reads:-
“WARNING your phone is locked!
The device is locked for viewing and distribution child pornography , zoophilia and other perversions.
To unlock you need to pay 260 UAH.

  1. Locate the nearest payment kiosk.
  2. Select MoneXy
  3. Enter {REDACTED}.
  4. Make deposit of 260 Hryvnia, and then press pay.

Do not forget to take a receipt!
After payment your device will be unlocked within 24 hours”
In case of no PAYMENT YOU WILL LOSE ALL DATA ON your device!”

To decrypt the files the victim must pay a fee via MoneXy (an unsecure service which is difficult to trace). Files may be lost if the encryption key is not retrieved.

The unfortunate truth is that even if the victim pays there is no guarantee the files will be decrypted. With this in mind we’d advise you to protect yourself against such threats using preventative and defensive measures.

Whether it’s personal or business devices, if you’d like further information on security options or a quote, please give us a call on 0845 370 2202 or drop us an email with your details to [email protected]

Top

Call us 0333 370 2202

Or email us: [email protected]