Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Simplelocker variant


  • Please log in to reply
3 replies to this topic

#1 sage19

sage19

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:05 AM

Posted 28 May 2015 - 11:29 AM

Anyone here run into Simplelocker on a android phone? Have a customers phone that was infected and encypted. Managed to disinfected the phone and regain access to it, but haven't had any luck decrypting the files. Used the utility that Eset has on their site and that didn't work. Customer didn't really have anything encrypted that he's worried about, more an exercise for me in case someone else walks in with the same problem.

I have saved the apk file that infected him if there is someone who is interested in sample to analyze.



BC AdBot (Login to Remove)

 


#2 hedgeley

hedgeley

  • Members
  • 306 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bristol/Bath UK
  • Local time:08:05 AM

Posted 29 May 2015 - 02:29 AM

Hi sage19,

 

I haven't had any experience of the said infection but this might be worth a read,

 

http://www.theregister.co.uk/2015/05/26/android_ransomware_mobile_scam_fbi/

 

hope this may help

 

Hedge



#3 sage19

sage19
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:05 AM

Posted 29 May 2015 - 06:03 AM

That link talks about one that looks just like this, but the virus truly either damaged the files or encrypted them. FIles were modified with a .locked extension, and renaming the files showed an unopenable file. I'll hop over to the malware forum and see if anyone have an idea. Thanks though!



#4 hedgeley

hedgeley

  • Members
  • 306 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bristol/Bath UK
  • Local time:08:05 AM

Posted 29 May 2015 - 06:46 AM

No problem Sorry it was not more help.

 

Hedge






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users