First Android Ransomware that Encrypts SD Card Files



Generally, cybercriminals target PCs with ransomware that encrypts your files or locks your computer system and demands a specific amount to be paid within a limited time period. Cybercriminals have already started creating malicious software to deliver ransomware to Android devices.

A new Police ransomware has been reported; it locks the device until the victim pays a ransom to unlock the phone. The malware locks the mobile screen, but a loophole in its implementation allows users to recover the data stored on the SD card and on the device.

To beat such situations, threat actors have taken the step of adding encryption to mobile ransomware. A few days ago, the security firm ESET found a new Android ransomware, dubbed Android/Simplocker.A, that encrypts the files on the device's SD card and then demands a ransom from the victim in order to decrypt them.

Once installed, the malware scans the SD card for document, image and video files with the extensions jpg, png, jpeg, bmp, doc, gif, docx, txt, mkv, avi, 3gp and mp4, and encrypts them using AES in a background thread. After encrypting the files, the malware shows the following ransom message, written in Russian, which shows it is undoubtedly aimed at Russian Android users.






WARNING your phone is locked.

To unlock you need to pay 260 UAH.

2. Select MoneXy

3. Enter {REDACTED}.

4. Make deposit of 260 Hryvnia, and then press pay. Do not forget to take a receipt!


“After payment your device will be unlocked within 24 hours. In case of no PAYMENT YOU WILL LOSE ALL DATA ON your device!”

The ransomware instructs the victim to pay a specific amount, 260 UAH, which is approximately $21 US, through the MoneXy service, as that payment service is not as readily accessible as an ordinary credit card.

To preserve secrecy, the malware author hosts the command-and-control server on a TOR .onion domain, and the malware sends information about the infected device, such as the IMEI number, to that server. The researchers at ESET are still in the process of analyzing the malware.

According to the researchers, the malware is able to encrypt the victim's files, which can be lost if the decryption key is not recovered from the malware author by paying the specified amount. Despite this, the researchers advise users against paying the fine, because there is no assurance that the hacker will provide the decryption keys after the payment is made.

Alas, mobile antivirus products can identify known threats but cannot detect similar new threats. To be on the safe side, keep a backup of all the files on your Android device, either manually on a computer or through cloud backup services such as Google Drive or Dropbox, as protection against emerging threats.
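The extension list above also works as a triage list when checking an SD card or a backup copy: a file with one of those extensions whose leading bytes no longer match its format may have been encrypted or corrupted. The check below is an added example, not code from ESET or from the original article; the signature table and the names `header_ok`, `find_suspect_files` and `demo` are assumptions of this example, and the sample files are constructed.

```python
import os
import tempfile

# Extension -> (offset, magic) alternatives. txt has no signature, so it is not checked.
SIGNATURES = {
    "jpg": [(0, b"\xff\xd8\xff")], "jpeg": [(0, b"\xff\xd8\xff")],
    "png": [(0, b"\x89PNG\r\n\x1a\n")],
    "gif": [(0, b"GIF87a"), (0, b"GIF89a")],
    "bmp": [(0, b"BM")],
    "doc": [(0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1")],
    "docx": [(0, b"PK\x03\x04")],
    "mkv": [(0, b"\x1a\x45\xdf\xa3")],
    "avi": [(8, b"AVI ")],
    "3gp": [(4, b"ftyp")], "mp4": [(4, b"ftyp")],
}

def header_ok(ext, head):
    """True if the leading bytes match a known signature for this extension."""
    return any(head[o:o + len(m)] == m for o, m in SIGNATURES[ext])

def find_suspect_files(root):
    """Relative paths of targeted-type files whose header is not the expected format."""
    suspects = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = name.rsplit(".", 1)[-1].lower()
            if ext not in SIGNATURES:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(16)
            if not header_ok(ext, head):
                suspects.append(os.path.relpath(path, root))
    return sorted(suspects)

def demo():
    """Scan a constructed directory tree (sample bytes, not real device data)."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "DCIM"))
        samples = {
            "DCIM/ok.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
            "DCIM/clip.mp4": b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 32,
            "DCIM/scrambled.png": bytes(range(200, 240)),  # stands in for ciphertext
            "notes.txt": b"plain text, no signature",
        }
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return find_suspect_files(root)
```

A header mismatch is a hint for closer inspection rather than proof of encryption, since truncated or mislabeled files are flagged too. Run `find_suspect_files` against a mounted copy of the card or a backup directory before relying on that backup for recovery.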
