If you go to a website and suddenly see a notice saying all of your files have been locked, you can be sure that your PC has been hit by ransomware. In this case, you have a limited amount of time to send a ransom or you will lose all of your data.
Namely this message is displayed to all computer users who have been attacked by CryptoLocker. Despite the fact that lots of command and control servers are down now, this threat still looms out there.
Just imagine that this is not your PC, but your phone this time. In fact, not many people back up the data on their phones nowadays. This means that a bit of malware like this could be disastrous to some of them.
It seems that this is exactly what someone has done to the Android world. Android/Simlocker is the new malware that has been discovered by the security researchers recently. This malware digs into your SD card and encrypts the files there.
The type of these files look similar to pictures and documents, which together with your music and videos, are encrypted using a form of AES encryption and the extension is changed to .enc. Apart from screwing up your files, the little bug grabs information about your phone (IMEI number etc.) and sends it back to command and control servers Via the TOR network by using HTTP/HTTPS.
At this point, it is still not certain how Android/Simlocker has been distributed, however the installation turns out to be a manual one. This means that it is probably coming in through a poisoned application.
Currently, the ransom that users are asked for, is rather small at around $21, though this could change fast as it happened with CryptoLocker. In any case, the good news about this new bit or mobile malware, is that the files can be easily recovered if you have a backup of some sort (Google’s built in backup or third party).
Besides, it looks like this new bit of code is very immature, ESET even described it as being like a proof of concept. In other words, it could become more sophisticated and develop new “features” which could prevent or limit the effects of a backup.
Keeping in mind the massive lack of real malware security on mobile phones, it is not surprising that the beginnings of this new and nasty malware trend has taken so long. It is also not surprising that the new malware appeared shortly after Apple had a ransomware fight of their own.
