Skip to main content

Simplocker ransomware threatens Android smartphones

There's been a lot written about the threat Cryptolocker presents to computer owners – particularly with the NCA's recent "two week warning" – but your PC isn't the only device vulnerable to ransomware, and a new threat is hitting Android handsets.

Simplocker is a mobile Trojan, and the first piece of file-encrypting ransomware to attack Android devices which security firm ESET spotted. Simplocker attacks the infected device by scanning its SD card for certain files (images, documents, and movies), which it then encrypts to make them unusable. The owner of the device is then presented with a ransom demand message, and must pay up to unlock the encrypted files and gain access to them.

The malware also contacts a Command & Control server on the Tor network to send ID details from the host device (like the IMEI number), and apparently listens to the C&C server for the command to unlock the data when payment has been made. Of course, generally speaking with this sort of ransomware, there's no guarantee that if you do pay up, the malware will do as promised.

Currently, Simplocker isn't much of a worry as it's targeted at the Ukraine (the payment demanded is 260 UAH, which is equivalent to £13), and ESET notes it's relatively rare, and not on the Google Play store. Indeed, ESET reckons that this is a "proof of concept" work in progress – the implementation of the encryption isn't nearly as slick as Cryptolocker.

However, this is very much a sign of things to come – and we can expect more sophisticated Android ransomware to be coded in the future, and to spread geographically. As always, to guard against threats you need a decent mobile AV product on your Android device, and you should steer clear of any dodgy third-party app stores. And all the usual protocols for safety on desktop computers applies – don't blindly click on dodgy seeming links, for example.

For more on the topic of phone security, check out our closer look at the most useful mobile security tools.