Security experts are stating that Google's Android operating system has a chance to fall prey to a Trojan malware of the ransomware variety - which encrypts photos, videos, and documents stored on the SD card of the Android device, demanding a ransom in order for them to be decrypted/ restored.
Some experts had earlier warned Internet users of a ransomware called CryptoLocker that infected a computer through social media and emails.
Eset states that after encrypting content on the device, the app sends a random message written in Russian and asks for a ransom to be paid in Ukrainian Hryvnias. The message roughly translates to:
"WARNING your phone is locked!
The device is locked for viewing and distribution child pornography, zoophilia and other perversions.
To unlock you need to pay 260 UAH.
1. Locate the nearest payment kiosk.
2. Select MoneXy
3. Enter [REDACTED].
4. Make deposit of 260 Hryvnia, and then press pay.
Do not forget to take a receipt!
After payment your device will be unlocked within 24 hours.
In case of no PAYMENT YOU WILL LOSE ALL DATA ON your device!"
Android/Simplocker uses advanced encryption standard (AES) to encrypt files certain file extensions (jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp, mp4) on the smartphone's SD card. It is still unclear if paying the ransom decrypts the data but Eset is advising affected users against it. Sophos reports the malware can be removed manually by rebooting into safe mode or by recovering the AES key stored inside the malware. The latter technique needs some technical know-how.