The Android app scans the device, removes the threat and decrypts affected files

Jun 18, 2014 09:40 GMT

Avast announced today the availability of Ransomware Removal, an app designed to clean Android devices of the Simplocker Trojan, as well as to unlock files affected by the threat.

The tool is available for free on Google Play, where the description says that it can remove Cryptolocker/Simplocker threats from the device and decrypt the data encrypted for ransom demands.

Detected at the beginning of the month by security firm ESET, Simplocker is a Trojan that runs an AES encryption routine on the affected device, targeting images, video files and documents (JPG, PNG, BMP, GIF, PDF, DOC, DOCX, TXT, AVI, MKV, 3GP, MP4).

It can also collect information from the device (the IMEI number, device model, manufacturer of the product/hardware and the version of the operating system) and send it to a remote server.

Researchers at Kaspersky Lab discovered a variant of the threat that can take a picture of the victim via the phone’s built-in camera and display it in the ransom message.

Avast Chief Operating Officer, Ondrej Vlcek, says that, “Simplocker blocks access to files stored on mobile devices. Without our free ransomware-removal tool, infected users have to pay $21 [€15.5] to regain access to their personal files.”

“Even though we are seeing exponential growth in ransomware on mobile devices, most of the threats to encrypt personal files are fakes. Simplocker is the first ransomware that actually encrypts these files, so we developed a free tool for people to restore them,” he adds.

Another solution for retrieving files encrypted by Simplocker has been presented by an undergraduate student at the University of Sussex, United Kingdom, by the name of Simon Bell.

After reverse-engineering the threat, he found the encryption and decryption method used by the malware, along with the password that protected the operation. The student then built a Java program capable of unlocking the hostage data.

However, the program is not aimed at regular users because it needs to be packaged as an Android app, a task that requires a special set of tools.

According to a press release sent to us by Avast, “Anybody infected by Simplocker or any other type of ransomware can download the free avast! Ransomware Removal tool.”

Installation of the app on the affected Android device can be initiated from any device with an Internet connection, by accessing the Google Play store. After the removal tool is launched, a scan is started, followed by the elimination of the virus and decryption of the locked files.