back to article New software nasty encrypts Android PHONE files and demands a ransom

Miscreants have brewed the first file-encrypting strain of ransomware that infects Android smartphones. The malware, dubbed Android/Simplocker by ESET, scans the SD card in a handset for certain types of file, encrypts them, and demands a ransom to decrypt the data. The ransom message is written in Russian, with payment …


This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    so another example of scum using TOR which is already widely abused by bots attacking email and web servers.

    1. Al_21

      ... just goes to show anonymity isn't always a good thing.

      1. Anonymous Coward
        Anonymous Coward

        Anonymity is always a good thing.

        How you use it defines whether you, yourself, are good or bad.

    2. Tommy Pock

      I've seen this argument before. Some complete bastards walk the streets, but we won't be banning streets

      1. Al_21

        Don't ban the streets, but also don't stop all the security cameras and be cautious about the person wearing gloves and a balaclava.

        The security camera's more useful catching a criminal than stalking me going on a stroll.

    3. Anonymous Coward
      Anonymous Coward

      This is increasingly becoming a daily news item.

      So much for not having a walled garden.

      But still at least you have the freedom to download any app you wish from any source you find.

  2. fishman


    Since it's an app you have to download, Android users who only download apps from Google Play will be unaffected.

    1. Terry 6 Silver badge

      Re: Safety

      Unless they sneak it under Google's radar. But that couldn't happen, could it?

      1. Captain Scarlet Silver badge

        Re: Safety

        Any walled garden app store may miss something when going through the thousands of fart apps that are sent in everyday, unless the source code is provided analysis of compiled objects may miss things.

    2. phuzz Silver badge

      Re: Safety

      It would be mildly tricky to get an app containing this malware into the android store, but by no means impossible.

      The difficulty would be in in picking exactly which legitimate app to clone or imitate in order to trick as many possible victims into installing the malware.

  3. Anonymous Coward
    Anonymous Coward

    Hmm, coicidence?

    That is appears so soon after iPhones were compromised in a similar manner...

    Anyone would think Apple cooked this one up..

    1. Anonymous Coward
      Anonymous Coward

      Re: Hmm, coicidence?

      Please define "similar". Also "coicidence".

    2. Anonymous Coward
      Anonymous Coward

      Re: Hmm, coicidence?

      This only affects files it has access to rather than locking the phone itself. A lot of Android phones don't have access to the SD Card and newer versions of Android don't allow access to files, even on the SD Card to other applications.

      1. Anonymous Coward
        Anonymous Coward

        Re: Hmm, coicidence?

        >> newer versions of Android don't allow access to files, even on the SD Card to other applications.<<

        Sweet! So why would I want files that nothing can read?

        1. Creamy-G00dness

          Re: Hmm, coicidence?

          >> newer versions of Android don't allow access to files, even on the SD Card to other applications.<<

          "Sweet! So why would I want files that nothing can read?"

          He did say even in your quote that it restricts file access to other applications, I think you sir may have the reading problem.

          "Sweet! Why did I quote something i did not read?"

          There FIFY ;)

    3. SuccessCase

      Re: Hmm, coicidence?

      There was no security breach of the iPhone OS. There were users who had used the same passwords on their Apple accounts as on other accounts and a miscreant (or miscreants) having got hold of a password list (as can be purchased from many sites on the Internet), had managed to log into some iPhone user accounts and use the "lock a lost or stolen iPhone" facility to lock the user's out of their own phones. The facility lets you post a message to the screen when the phone is locked. The message said something to the effect "your phone has been taken over, pay x to y if you want to access your files again"

      Actually the user could just log in to their iCloud account on any browser, and unlock it (though they would probably want to change their password first) If they had been so foolish as to use the same password on their email accounts, the hacker might also have taken those over, in which case they really would be stuffed. I didn't hear any reports of that happening, but lets face it, if they were using the same password with multiple accounts the chances were quite high some might have been so affected.

    4. Joe 35

      Re: Hmm, coicidence?

      "Anyone would think Apple cooked this one up.."

      Only for values of "anyone" = clueless tinfoil hat wearing conspiracy nut.

  4. Anonymous Coward
    Anonymous Coward

    Reset phone

    Download backups

    Total inconvenience is about 45 minutes.

    1. R 11

      Restoring from an actual backup would limit the inconvenience to about three or four minutes. It's a shame Google, in their drive to get us all relying on the cloud, haven't actually integrated a proper backup tool within Android.

      I'd love my phone to recognize it's at home and it's the middle of the night and to then start making a backup of itself to my NAS.

      1. armster

        You mean like an iPhone? Which does exactly that, or backs up to iCloud or both...

      2. FraserGJ

        I've already got that setup on my phone using a combination of Titanium Backup, FolderSync and Tasker

        Tasker kicks off a FolderSync task to sync my phone and SD card contents to my NAS (via samba) but only if (a) phone is connected to power (any state except battery), (b) wifi is connected to my home SSID AND (c) the time is 3:30am. I could configure it to check GPS to see if I'm actually at my house but I thought that was overkill.

        (Titanium Backup is for my apps and other data which syncs to another location on the NAS but you won't need that I suspect)

    2. big_D Silver badge

      Assuming that the phone hasn't already synced the encrypted files to the backup...

      1. DropBear

        "Assuming that the phone hasn't already synced the encrypted files to the backup..."

        Wait, you only keep one single version for backup...?

        1. big_D Silver badge

          I don't, but a lot of people assume that a cloud sync of their phone is a backup!

    3. Joe 35

      RIght, because everyone makes backups.....

      The 0.0000023% of Android users who take regular backups wont be in the population of clueless morons who download this trojan.

  5. jonathan keith

    "legit smut-viewing app"

    What, you mean a web browser?

    1. Kay Burley ate my hamster

      Ya beat me to it!

      I was gonna say, if you think you need an app to view porn you deserve the discomfort...

  6. Message From A Self-Destructing Turnip


    I am genuinely mystified why anyone would think its a good idea to store sensitive or non recoverable data on a mobile device, given their tendency for being; smashed, stolen, left in pub, dropped down toilet etc...

    1. ratfox

      Re: Why?

      Does it really happen so often? I don't actually know anybody who lost their phone, broke it, or had it stolen…

      I wonder what the numbers are. Probably very different from place to place.

      1. Gene Cash Silver badge

        Re: Why?

        I know 2 people that had their phone stolen, 3 that have lost theirs, and I've personally broken 2 phones because I just love dropping expensive equipment. Pro tip: a motorcycle fork leg w/o any fluid in it gets destroyed when you drop it, too. So does a DMM. And a crystal vase. And a CRT (tho that was on purpose)

        Also, if it's really dry and you build up a damn good static charge, your Moto G touchscreen will stop working when you zap it. Motorola did RMA it, even though I fully confessed to the deed.

        1. Sanctimonious Prick

          Re: Why?

          I've lost 2 phones, had one stolen, and, the first iPhone (iPhone 3) I had got dropped in the toilet, had a drink of beer, and several glasses of water, had the screen smashed, and the damn thing still worked! I bought that particular phone 2nd hand, and it eventually got pawned (hehehehe, that makes me giggle, dunno why, just does).

          I did have an iPhone 4 up until just recently, when I lost it, somewhere... but it was only being used for audio, pix, e-mail, www, and solitaire (hmm, that's quite a number of uses, think I'll miss it) - for some reason it wasn't very reliable as a phone, despite it's name.

          1. Sanctimonious Prick

            Re: Why?

            You're not going to believe it. No crap. Just found that missing iPhone 4. It has been missing for five days, and has a charge of 54% on the battery. Mind you, it is in "Plane" mode.

            I know it almost sounds like I'm spamming that fruity co. here in these forums, truly, I'm not. My real phone is not one of theirs. It's labeled "garmin asus," which I've never heard of with those two words/names together before this phone. "Garmin," I've heard of. "Asus," I've heard of, but not "garmin asus." Anyway, to those still reading, it runs on Android 4 point something-or-other, and it works perfectly as a phone - can't get the damn camera to work the way I want it to work; there doesn't appear to be any native "notes" type application, blah, blah, blah.

            Anyway, I'm glad to have that iPhone back that doesn't work as a phone but works almost perfectly for a lot of other "mobile" uses.

            edit: missed a word & punctuation

            1. monkeyfish

              Re: Why?

              No note-taking application? Surely that's what app downloads are for? Evernote? Google Keep? A myriad of others? If you just want text based note taking and nothing else (no cloudy backups) then try Jota, it's basically notepad for Android.

      2. Joe 35

        Re: Why?

        "I don't actually know anybody who lost their phone, broke it, or had it stolen…"

        You definitely need to get out more !

This topic is closed for new posts.

Other stories you might like