
CryptoLocker copycat holds Android data for ransom


United States authorities may have taken down the CryptoLocker malware operations, but security software vendor Sophos Ltd. warns of mobile malware following in the footsteps of the Windows ransomware.

Sophos previously reported on an Android malware called Koler that claims to have encrypted a user’s mobile data, which could potentially land the user in trouble with the police. Taking a page from the CryptoLocker playbook, Koler demands a payment to decrypt the data.

Koler, in fact, is just bluffing, as it cannot encrypt data. It just takes over a device’s screen by plastering it with a message that is hard to get rid of. Sophos said it can be uninstalled by simply rebooting your Android device. Here’s how.

However, Paul Ducklin, chief technology officer of Sophos, said there is another piece of malware known as SimpleLocker (also called Andr/Slocker-A) that really encrypts users’ data and holds it for ransom, just like CryptoLocker does on Windows computers.

In a recent post on the Sophos blog site Naked Security, Ducklin said that SophosLabs has seen a number of variants of SimpleLocker that target devices in Russia and Ukraine. Much like Koler, the malware fills a user’s screen with a message that will not go away.

Here’s a sample of that message:

 

Ducklin said victims could try to reboot their device to get rid of the malware, but users have to be quick because it reappears on the screen pretty fast.

Users might not encounter SimpleLocker if their Android device is configured to download only software from Google Play.

SimpleLocker is not cloud-controlled like CryptoLocker. The malware uses an encryption key that is embedded in the SimpleLocker code itself rather than one obtained from a command centre.

“That means unlike CryptoLocker, it will detonate even if it can’t call home to the crook’s own servers,” wrote Ducklin. “But it also means that it is possible, albeit with some effort, to recover your files if you get hit, since you can tell how the files were encrypted and what key they used.”

For the five steps on how to deal with Android malware and ransomware, click here
