James Delahunty
4 Jun 2014 15:04
ESET has identified the first form of ransomware for Android that actually encrypts personal files on the device's memory card and won't decrypt them unless a ransom is paid.
Previous forms of ransomware found to affect Android devices typically used lockscreens or other methods (such as making it impossible to launch apps) to force a user into a payment. This one is more insidious because it actually encrypts files on the device, specifically files with the extensions jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp and mp4. The image with this article shows files in Total Commander that have been encrypted by the malware.
The app is in Russian and is likely only affecting a very small number of devices in that region. It demands payment in Ukrainian hryvnias (260 UAH, roughly $21, €16) using Ukraine's MoneXy payment service. When it finds its way to an Android device, it displays the following message in Russian:
WARNING your phone is locked!
The device is locked for viewing and distribution of child pornography, zoophilia and other perversions.
To unlock you need to pay 260 UAH.
1. Locate the nearest payment kiosk.
2. Select MoneXy
3. Enter {REDACTED}.
4. Make deposit of 260 Hryvnia, and then press pay.
Do not forget to take a receipt!
After payment your device will be unlocked within 24 hours.
In case of no PAYMENT YOU WILL LOSE ALL DATA ON your device!