Simplocker Android Ransomware Now Better, Stronger

An example of Simplocker's new English-language lock screen. Credit: ESET.

Simplocker, the first encrypting piece of Android ransomware, has evolved since it was first discovered two months ago. It now targets U.S. residents, encrypts more files and takes greater control of an infected device.

Bratislava, Slovakia-based security company ESET said in a blog post yesterday (July 22) that the latest versions of Simplocker post messages in English rather than Russian and demand payment in U.S. dollars rather than euros or Ukrainian currency. Worse, the malware now tries to trick victims into granting it device-administrator privileges, making it harder to remove.


When it first appeared, Simplocker could encrypt images, documents and movies stored on an Android phone or tablet's SD card, rendering the files inaccessible. Now it also encrypts archives such as ZIP, 7z and RAR files. As ESET's Robert Lipovsky explained, many Android devices store backups in these file formats; having an attacker encrypt backups would be a problem.

Simplocker usually gets onto Android devices by pretending to be a media player or game, and now also asks users to let it become a device administrator as it installs. ESET provided a screenshot:

An example of how a disguised Simplocker may ask for device administrator rights. Credit: ESET.

Like other "police Trojans," Simplocker puts up a screen masquerading as an official notice from law enforcement, telling the user he or she has been caught possessing illegal pornography and must pay a fine for the device to be "released." Now that Simplocker is in English, the notice looks as if it comes from the FBI, and the fine is $300, payable via a MoneyPak voucher.

Fortunately, the encryption method is "not exactly NSA-grade," according to ESET, although the encryption key appears to have changed. If you've been infected with Simplocker, do not pay the ransom; instead, use ESET's Simplocker Decryptor App or a similar tool from Avast that can be downloaded remotely to a locked phone.

As a general rule, don't download apps from outside the Google Play store, especially from porn sites, which the Simplocker installer likes to hang out on. And never, ever give strange apps administrator privileges on your device.

Email or follow her @JillScharr and Google+.  Follow us @TomsGuide, on Facebook and on Google+.

  • house70
    Screenshot looks like a couple Android versions old.

    Common sense remains paramount when using computing devices (from smartphones to PCs).

    Lastly, I have yet to see the first of these infected devices "in the wild", so to speak. Maybe because my friends have some common sense and easily avoid pitfalls, or maybe because the occurrence is extremely rare.
  • johnathanl
    Seems like it's just fear mongering, same way Windows is seen as a magnet for viruses.