The infection begins with malicious advertisements that claim that the user must install Adobe Flash Player to view videos.However offered APK file is Simplocker-ransomware. Once activated the ransomware encrypts files on the device and displays a warning that is supposedly from the FBI coming. It states that the user has visited porn sites banned and therefore device is locked.
To regain access should be a fee of $ 200 is payable. In the first version of Simplocker stood in the source code encryption key to encrypt the files. It was a generic key that was used for all infections. This variant was able to encrypt more than 20,000 devices, but it is unknown how many victims also paid. Various parties came namely with free decryption tools.
The now discovered variant used for each infection, a unique encryption key. Victims also be advised to backup the encrypted files and wait until there is a possibility to decrypt them. Anti-virus company Avast that the new specimen discovered recommends at least occasionally to pay the ransom because it would encourage ransomwares writers to continue.
No comments:
Post a Comment