Is CryptoLocker Ransomware arriving on Android?

Is CryptoLocker Ransomware arriving on Android?

Summary: How much would you pay to free your Android smartphone or tablet from CryptoLocker? How about to get your phone to stop displaying a message that you've been downloading kiddie porn?


CrytoLocker Ransomware, the malware that locked up PCs until you paid off $300 and the so-called Menace of the Year, may have jumped from Windows to Android.

Android Crytolocker Screenshot
The U.S. version of the Android malware purporting to be CrytoLocker.

ThreatPost reports that the Reveton cyber-crime gang is advertising an Android version of CryptoLocker. This program seems to have no way to actively infect an Android smartphone or tablet. To get it you have to actually download the APK file.

To trick you into doing this, the malware masquerades as a porn application. As you'd expect, this malware is designed to hide out on porn sites. If I'd said it once, I've said it a thousand times, never download Android apps from third-party sites of any sort and don't, no matter what operating system you're running, download programs from porn sites.

If you're fool enough to do this anyway and get infected, any time you try to use your device, you'll be shown a warning display that accuses you of viewing child pornography or equally ugly and illegal porn. It then goes on to say that you'll face a jail term of five to 11 years, unless, of course, you make a payment of $300 via MoneyPak. This is a legitimate pre-paid debt card service.

At this time, it's unclear if this malware, labeled Koler.A really is a port of CryptoLocker or simply a malware program using the infamous ransomware name in vain. From the limited experience security companies have had with this program it seems most likely it is not actually encrypting your files.

That said, getting rid of Koler.A is currently a major annoyance. Android anti-virus programs don't have a fix for it yet. If you can move the program's icon to the trash, however, that "seems" to get rid of the program. The trick is you only have five seconds to delete it before the ransomware screen takes over your display.

Related Stories:

Topics: Security, Android, Mobility

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Not sure about Android...

    But, when this pops up in firefox on a PC, just close firefox

    When you open firefox again, it will return to the warning above!

    Close firefox a second time and it's gone for good as firefox will then allow you to permanently close the malware page the next time you open firefox
    • Of course...

      The fix above only works with the scareware version that does not encrypt any files

      For the version that actually encrypts files, just be sure you are surfing securely with Driveshield installed on your XP machine

      WHAT? You don't use XP because it's not safe?
      Well then, pay the man $300 from your Windows Spyware 7 or 8 machine because Spyware 7 and 8 cannot be secured like XP can

      Tired of Gov't sponsored malware on your Spyware 7 or 8 box like Stuxnet and all the newer C&C malware?
      Well, you could upgrade to XP, but I'm a Tinfoil Hat wearing Nuttcase without any facts and hasn't taken his meds today, R I G H T ?

      So I guess your just stuck with the malware

      or you could run a Linux Live Distro from a thumbdrive for free and keep all your Intenet setting in a Persistent File (Google YUMI 2.0) and simply replace the persistent file with a fresh one if anything goes wrong (I keep fresh copies of the Persistent file in different sizes for just such an event)

      or you can keep Spyware 7 & 8 cuz you iz so shmart and trendy
      • Surfing Porn From A Thumb Drive

        - Very Kinky!
      • Hmmm

        I manage over 4,000 PC endpoints around the world and our virus infection rate plummeted when we migrated off of XP. XP x64 was always a mess to manage and being able just to run a x64 OS makes you more secure due to the memory management and random number generation along with other security features.

        XP is a mess and needs to die. DIE!!!
        Rann Xeroxx
  • Android needs to fix it's app problems

    Android is very loose when it comes to it's apps. It's the windows of the mobile world. They shouldn't even allow you to download apps from 3rd parties. Even worse is that Android is very loose when it comes to their own app store. They let a $3.99 app that does absolutely nothing reach the top of the store.
    Brock Jones
    • ....Android is very loose .......

      Android by default does not allow you to install apps from 3rd party sites. You need to go into the settings and tick a box to allow this. A warning is given that allowing this could be dangerous. If you get infected by a 3rd party app it is your own fault.

      Agreed, Getting infected by a play store app is a different story......
    • @Brock Jones

      "They shouldn't even allow you to download apps from 3rd parties."

      Each to his or her own, of course... but that is one major reason why I choose Android over iOS. I want guidance, sure, but not forced hand holding. I like how Android offers warning and protection -- but still gives users the option to diverge when they wish to.

      "Third party" apps are not all malicious. But to me, that's not even the point. I certainly do not wish to live in some sort of nanny state.
      • The whole Idea behind the "Metro" side of W8

        is for MS to do exactly that - Ballmer's plan was to gradually move everybody off the W7 platform and onto Metro, as an Apple-style walled garden with complete control and a cut of all sales. We'll see if this is continued under the new CEO, but give up the idea that it's unthinkable for Windows.
    • And The Windows PC Software Market ?

      Do you seriously expect MS to verify every application that runs on Windows ? Apply the same common sense as you would for a Windows PC. Security is a process, not a product.
      Alan Smithie
    • Why not?

      It's just like Windows and OSX. You can download unverified third part software on both of them, should that be disabled too?
    • The very reason some choose Android

      I'm not a fan of Apple's walled garden and their proprietary ways. I'm betting many others aren't, either. Applying some common sense in many cases will keep your phone clean and out of trouble. I'd rather be responsible for me than to hand that off to Apple.
  • Easy fix

    There are several easy fixes if you get something like this on your phone. Something like this is much less of a problem on phone than a PC since most important data gets synced by default. Call your carrier's tech support.
    • Agree with a Caveat

      Just make sure your syncing arrangement isn't too automated -- where files (e.g. photos) newly encrypted on your device automatically sync and replace your good files up in the cloud.
    • As long as...

      you turned syncing off *before* it started encrypting your data! If you didn't, then your cloud copies will be nicely encrypted as well!
  • I thought Linux was coming to the Desktop, as Android.

    I read that somewhere, that this would be The Year of the Linux Desktop, only not how we expected, was more or less the message.

    So much for any sense of security with Android. What a shame that same people that BASH Microsoft for all their security lapses, are so shamefully silent about the the massive security issues that have been in Android, and continue to be discovered and exploited. I'm willing to bet that this is only the beginning.

    I'll stick with my WP, and my genuine Linux desktop, thank you very much.
    • What security lapse?


      Quoting the article: "This program seems to have no way to actively infect an Android smartphone or tablet. To get it you have to actually download the APK file." ...and to do that you have to manually allow third-party software.

      Wow, newsflash!
      If you let code run on your device, if may do stuff. Who knew?
      • spelling

        "it may" instead of "if may"
        Need an edit button on this site.
  • Easy to remove without ransom

    Just factory reset your device. Every device has a way to reboot it without pulling the battery (as most phones don't have removable batteries anymore), then just get into the recovery mode of the phone, then factory reset (easy google search away). It's pretty simple. The apk that was 3rd party downloaded will not be cloud synced, nor will your data be affected. That's not how Android allows apps to work with cloud syncing data.

    Google will reload all the legitimate apps on your phone from the play store, contacts and details are synced already to the cloud, photos should be backed up with G+ autobackup or dropbox autobackup (you're a fool if you don't do this). This article is good because it points out the flaw in human error not in Android, however, it should include the way to get out of it as I've mentioned here. Android is very secure, people however, are not.
    • local sync

      Would be even better if you could do **LOCAL** sync, then you don't even have to bother with the "cloud". But then again, that has been the MOST glaring *flaw* in all mobile OSes after PalmOS: no way to save, sync and manage your OWN data without having to rely on some server in a dirt-floor shack in Bangalore. Until such time as current mobile OSes add the necessary record-level sync like we had with PalmOS, none of them will ever be truly useful.
  • Being safe is easy.

    1. Update! Criminals don't care if you "don't have the time" to run updates. I spend about 4 hours a months making sure at the very least the OS and AV/AM are up-to-date on all my devices.

    2. Never use your computer as Administrator. 99% of all malware (100% of malware that involves Internet Explorer) is thwarted when you run as a user instead of Administrator.

    3. Uninstall Java unless you know for sure it's something you **NEED**, and always make sure it is up-to-date! My old bank required me to run an antiquated version of Java to use their online banking. I first informed them of the problem and requested an update, then moved my money to a new bank when they refused to comply. I refuse to do business with companies who suffer from normalcy bias. It's not worth the transfer of all my money to a criminals bank account.

    4. Never offer information over the internet unless you initiate the action. Never respond to an email requesting personal information. Always find the originator and initiate contact with them through another channel like the telephone.

    5. And finally, if it sounds to good to be true, IT IS! If the communication tries to use emotion in order to get you to act, it's probably malicious.

    -More advanced options-

    6. Run a rudimentary content filter like OpenDNS.

    7. Do not use your ISPs provided router. Buy a router that runs one of the Open Source firmwares like DD-WRT or Tomato.

    8. Pay attention to the SSL certificate on a web page. If it is expired or selfsigned the information is NOT worth the risk.

    9. Disable any and all electronic transfers options at your bank. If you can't transfer money to people outside of your bank, neither can criminals.