A New variant of the Android Ransomware known as ‘SimpLocker’ has been spotted by Security researchers. The Ransomware encrypts files stored on the SD memory cards of Android devices has been updated to target English-speaking users with FBI-themed alerts.
Infected users recieve a message in English that masquerades as an alert from the U.S. Federal Bureau of Investigation about illegal pornographic content being found on the device. The victims are instructed to pay a so-called fine of $300 through a payment service called MoneyPak.
The previous list of file types encrypted by the old version of the malware included mostly images and documents. The new version also encrypts archive files with the .zip, .7z and .rar extensions.
The malware installer poses as a Flash video player application and requests administrator privileges. This makes the new Simplocker much harder to remove once installed.
The good news is that Simplocker’s authors still haven’t improved their encryption implementation, which relies on a hardcoded key which can therefore be undone. The new variant uses a different key than the original versions, but users are still able to recover their files without paying.