The ransomware can encrypt the user data and lock the device after receiving a command from C&C server, then requesting ransom as an exchange for decrypting and releasing the locked device.
File encoding ransomware is a very popular type of infiltration for malware creators. They can easily gain a large amount of money. Mainly for infamous TeslaCrypt, Locky or Cryptolocker from the Windows platform. These threats can make a lot of damage by encrypting all the data on a user’s computer. Android is not an exception. The first Android file encrypting ransomware was discovered in 2014 known as Simplocker.
|Figure 1 Ransomware spreads as porn apps|
Figure 3 File encryption
In the comment, enter a unique code - 123,753
In 5 hours, the files will be recovered successfully.”
But the price can be changed as it was in Simplocker. At first, the Simplocker requested ~15 USD and targeted Russia and Ukraine. New variants then started to request up to 500 USD and targeted English speaking regions. Hopefully, the same scenario as in the Simplocker case won’t follow.