Malware targeted at Ukraine sees hackers move further into mobile market.
Android phones are now vulnerable to ransomware, following the discovery of a Trojan virus capable of encrypting SD cards.
SimpleLocker, thought to be the first of its kind, scans SD cards on mobiles and tablets before encrypting files and sending a ransom note to the device owners.
The message, written in Russian, says: "The device is locked for viewing and distributing child pornography, zoophilia and other perversions. To unlock you need to pay 260 UAH [Ukrainian hryvnia]."
ESET, the Slovakian security firm that uncovered the malware, believes it is targeted towards eastern Europe, an area notable for being the source of many cyber-attacks, and thought to contain a number of criminal hacking gangs.
The warning message says that after payment the device will be unlocked, threatening that the encryption will be made permanent if victims refuse to respond to the ransom.
Like other forms of ransomware, the virus connects to a command and control server to confirm payment, with the server hosted on a TOR.onion domain to ensure the hackers remain anonymous.
Now that Android can be targeted with ransomware hackers have sewn up a significant proportion of the market, Australian Apple customers having suffered similar attacks only last month.
Robert Lipovsky, security intelligence team lead at ESET, said: "While the malware does contain functionality to decrypt the files, we strongly recommend against paying up – not only because that will only motivate other malware authors to continue these kinds of filthy operations, but also because there is no guarantee that the crook will keep their part of the deal and actually decrypt them."
He added that keeping to good security practices, such as avoiding untrustworthy app sources and backing up data, would reduce the risk and damage from ransomware attacks, which have recently enjoyed a high profile in IT security circles.
The malware is significantly less advanced than CryptoLocker, which recently made headlines after the National Crime Agency (NCA)managed to temporarily disable a network responsible for distributing the ransomware alongside a variant of the Zeus trojan.