Once installed in the phone, Simplocker displays an icon named \u201cSex xonix,\u201d as shown in the image below.<\/p>\n
What Does Simplocker Do?<\/span><\/p>\n – Simplocker is a Trojan horse that masquerades as a harmless application for Android devices. Once installed in a device, it displays a message in Russian. The message informs the user that his data has been encrypted and demands a ransom to decrypt it.<\/p>\n – The ransomware disables the Back and Home button on the compromised device, when it displays its message on the screen. This makes it difficult to uninstall it. The malware is also designed to start every time the device boots.<\/p>\n – Simplocker scans the SD card of the infected device for various files including pdf, doc, mp4, png, jpeg, etc., and starts encrypting them. In other words, the malware converts files, videos, music files, pdfs, text files, and images into a form that cannot be read or used by the user.<\/p>\n – The Trojan sends the IMEI (International Mobile Station Equipment Identity) of the infected device to a remote server. This way, the attacker can know when the victim pays the ransom.<\/p>\n Some Important Facts About \u00a0Simplocker<\/span><\/p>\n – Simplocker, currently, is only prevalent in the Ukrainian region.<\/p>\n – It has not been found in Google Play store.<\/p>\n – It demands a ransom of 260 Ukrainian hryvnias (\u00a313) to decrypt the encrypted data of the victim\u2019s phone.<\/p>\n![\"Android](\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2014\/06\/android_ransomware_simplocker1.png\")
<\/a><\/p>\n