Authored by a Symantec employee
Tens of thousands of Android devices have potentially been affected by a new variant of the Simplocker ransomware. Ransomware is a malicious type of software that either locks or encrypts your files or device, and leaves an alarming message demanding that the owner of the device pay a “ransom” to get their files or control of their device back.
This malware masquerades as a legitimate application, looking exactly like one you might find in the official Google Play Store. Once installed, it encrypts files on the device and displays an image posing as a warning from the US National Security Agency (NSA). The message claims that the user has conducted illegal activity and asks them to pay a fine:
The research comes from Checkpoint, which analyzed a malware sample first reported by Avast earlier this year. Checkpoint estimated that tens of thousands of Android devices have been infected with this threat, and that the majority of victims were located in the US. The company added that around 10 percent of victims paid between US$200 and $500 in ransom payments, allowing the attackers to earn between $200,000 and $500,000 for every 10,000 infections.
Symantec and Norton Protection
Symantec and Norton products detect this ransomware Trojan, Android.Simplocker.B. If you have an Android device, you can download Norton Mobile Security for free. For robust protection on all of your devices, check out Norton Security. Symantec Security Response researchers are collecting the new samples mentioned in Checkpoint’s blog to see if detections need to be updated.
Top Tips To Safeguard Your Device from Ransomware:
- Don’t pay the ransom. These criminals are trying to extort you. The chances that you’ll get your files back are slim, and, by paying the ransom, you’re funding the bad guys so that they can continue to commit this crime. By not paying the ransom, you’re helping to defund their organization.
- Back up your device. By backing up your device regularly, you always have your files safely in hand, and you don’t have to worry about losing them, should a bad guy try to hold your device for ransom.
- Be wary of emails from senders you don’t know, particularly if those emails have attachments or links. Whatever you do, don’t click! Those attachments or links could provide a path for malware to get onto your device, letting the cybercriminals in.
- Avoid downloading apps from third party app markets, and be wary of “free” apps that seem to offer benefits that are “too good to be true” (free in-app purchases, free versions of paid apps, etc.). If you have Norton Security or Norton Mobile Security on your device, Norton Mobile Insight technology can screen apps in Google Play before you download them, letting you know which apps are trusted and secure.
Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.
© 2017 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the Lockman Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome is a trademark of Google, Inc. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.