Appeared to be a simplelocker ransomware from the best I could see which threatens to encrypt your files, but doesn't. However when I examined the users phone from a pc, I noticed that some of the files had been renamed with a .locked extensions, and that renaming the files revealed that they were damaged / encrypted.
Customer isn't worried about the few photos that were damaged and we got the phone cleaned and working again, but wanted to see if there is a way to decrypt or repair files in this case. I kept a copy of the apk in case it was of any interest to anyone to examine, and a sample of the encrypted files.
I did see that Eset had a simple locker decryptor, but the tool didn't see his files as being encrypted.
Again, no real need to get the files decrypted, its just that at the shop where I work we've been seeing a number of crypto infections and variants and I consider a win anytime I can recover anything. Tired of having to tell customers that their entire digital collection is forever lost to these damned bugs...
Edited by boopme, 29 May 2015 - 11:33 AM.
Moved to General Security