Android/Simplocker.A encrypts user files, blocks access to the device and demands a ransom for decryption. The blocking message is written in Russian, and the ransom amount is specified in Ukrainian hryvnias.
Simplocker runs an extortion scheme that is widespread in the Windows environment. ESET experts found that the authors of the Android extortionist came close to the concept of the well-known Cryptolocker virus, detected at about the same time.
Simplocker is distributed under the guise of an application called «Sex xionix» on torrent trackers and other sites offering mobile applications. Once installed, it scans the file system of the tablet or smartphone for images, documents and video files with the extensions jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp, mp4. When it finds a match, the program encrypts the file using the symmetric encryption algorithm AES.
After blocking the device, Simplocker asks the victim to pay the ransom through MoneXy; unlike conventional payment systems that work with credit cards, customers of this service are difficult to track.
The blocking message does not contain any fields for entering a code or proof of payment. Instead, Simplocker communicates with a remote server, waiting for information from it about the transfer of funds, and also sends information about the device, e.g. the IMEI identifier. The server's URL is on a .onion domain, which belongs to the anonymous TOR network, and this also complicates the search for the attackers.