CryptoLocker copycat holds Android data for ransom

United States authorities may have taken down the CryptoLocker malware operations, but security software vendor Sophos Ltd. warns of mobile malware following in the footsteps of the Windows ransomware.

Previously, Sophos reported on an Android malware called Koler that claims to have encrypted a user’s mobile data which could potentially land the user in trouble with the police. Taking a page from the CryptoLocker playbook, Koler demands a payment to decrypt the data.

Koler, in fact, is just bluffing, as it cannot encrypt data. It just takes over a device’s screen by plastering it with a message that is hard to get rid of. Sophos said it can be uninstalled by simply rebooting your Android device.

However, Paul Ducklin, chief technology officer of Sophos, said there is another malware known as SimpleLocker (also called Andr/Slocker-A) that really encrypts users’ data and holds it for ransom, just like CryptoLocker does for Windows computers.

In a recent post on the Sophos blog site Naked Security, Ducklin said that SophosLabs has seen a number of variants of SimpleLocker that target devices in Russia and Ukraine. Much like Koler, the malware fills a user’s screen with a message that will not go away.



Ducklin said victims could try to reboot their device to get rid of the malware, but users have to be quick because it reappears on the screen pretty fast.

Users might not encounter SimpleLocker if their Android device is configured to download only software from Google Play.

SimpleLocker is not cloud-controlled like CryptoLocker. The malware uses an encryption key that is embedded in the SimpleLocker code itself rather than one obtained from a command centre.

“That means unlike CryptoLocker, it will detonate even if it can’t call home to the crook’s own servers,” wrote Ducklin. “But it also means that it is possible, albeit with some effort, to recover your files if you get hit, since you can tell how the files were encrypted and what key they used.”




Nestor E. Arellano
Toronto-based journalist specializing in technology and business news. Blogs and tweets on the latest tech trends and gadgets.
