| Name | SimpleLocker |
| Type | Ransomware, RaaS |
| Short Description | SimpleLocker locks all of the user’s files and demands a payment. The Ransomware is detected on Android devices as well as other OSs. |
| Symptoms | Files are locked and a ransom message is displayed. Instructions are included in a desktop file. |
| Distribution Method | Distribution method is not clear yet. SimpleLocker may be distributed via unsafe browsing, corrupted attachments, drive-by downloads, malicious apps, etc. |
| Detection tool | Download Advanced anti-malware tool, to See If Your System Has Been Affected By SimpleLocker |
A new Ransomware infection, carrying the name ‘SimpleLocker’ is been detected by security software out in the wild. The attack may affect both Android devices as well as PCs. This type of trojan horse infection is employed with the purpose of scanning the victim device for necessary and important files and encrypt them. After that, it may leave a ransom note prompting the user to pay in exchange for the decryption keys. ‘SimpleLocker’ may change the files extension to an unfamiliar one(ex: .aaa, .crypt, etc). This type of ransomware uses a strong algorithm to encrypt user files that are very difficult to decrypt. The ransom payment for decryption of the files encrypted by ‘SimpleLocker’ is usually done by using anonymous TOR – based networking and involves BitCoins for maximum identity concealment.
How Did I Become Infected?
There are several ways you could have become a victim of this devious threat. One of them is by opening a spam mail with an attached document or a picture in it that might have contained malicious code within its own. More so, you may have clicked on an ad or could have been redirected to a drive-by download type of web page. Such pages may initiate a download, containing ‘SimpleLocker’ concealed as a Java applet, Flash Player or an ActiveX update. Some web pages may directly inject exploit creating code within the user device. Experts advise on being aware what you install on your device. This is because PUPs (Potentially Unwanted Programs) usually administer most pop-ups and redirects that may be bundled with other free programs you may have downloaded online.
More About ‘SimpleLocker’ Ransomware
One variant of the ‘SimpleLocker’ Ransomware is believed to display the following message on either your smartphone, tablet or other devices:
→“Attention! Your phone has been blocked! The device has been blocked for the distribution of child pornography, zoophilia, and other sick things. To unlock your phone, you need to pay 900 hryvnias.
1.Find a payment fulfillment terminal, located in your proximity.
2.In it, locate Money.
3.Enter
4. Input 260 hryvnias and tap on ‘Pay’
Do not forget to take your receipt! After the payment has been conducted your device will be unencrypted in 24 hours. IN CASE, YOU HAVEN’T PAYED YOU WILL LOSE ALL THE DATA ON YOUR DEVICE FOREVER!”
The principle of ‘SimpleLocker’ ransomware is the same for both Android devices and PCs – It scans and encrypts data. What is interesting is that this particular ransomware is reported by researchers to encrypt whole memory cards in phones, asking for ransom. Also, it is believed to lock out the screen of the device with the ransom note, without giving any possibility to the user in accessing his information. Users may simply reboot their smartphones, but this may not help at all since it activates once more. It is even worse for users who have all of their contacts saved on their phone since this particular attack may also encrypt the contact entries and cause a lot of headaches.
For PCs, the situation varies but usually it involves making an anonymous payment by downloading TOR browser, which uses virtual private networking and several other technologies to mask identities. Some variants of this ransomware may try to convince users that they are dealing with a government institution and have committed a crime while browsing. FBI and other law enforcement agencies are one of the most preferred ones when it comes to these type of attacks. They are designed to use the fear in inexperienced users from the law hence convince them to conduct a payment.
How To Remove ‘SimpleLocker’ Ransomware From Your Smartphone And PC?
Such Particular attack is not to be underestimated since it can cause a lot of damage to your information. One efficient strategy to remove it is to perform a complete wipe-out of the device you have ‘SimpleLocker’ installed on. After that, you can reinstall all your applications. Either way, malware researchers strongly advise against complying with the attackers’ demands since it is in no way a guarantee that it will benefit you in any way.
Please follow these simple instructions to help you deal with the threat and backup your data for Android devices and Windows OS PCs:
Removal Instructions For Android Devices:
Step 1: Boot Your Smartphone into Safe Mode:
For RAZR Droid Devices:
1.Switch off the smartphone and remove the battery for a few seconds then plug it back in.
2.Switch the phone on.
3.You should see a Motorola Dual Core screen appearing. You should press and hold the Volume up, and Volume Down keys on the side of the smartphone. Hold them until the lock screen shows up with ‘Safe Mode’ written in the lower corner.
For HTC Devices:
1.Switch off the smartphone and remove the battery for a few seconds then plug it back in.
2.Turn on your phone while simultaneously holding down the Menu Button. When it starts, keep pressing the Menu Button until you see ‘Safe Mode’ menu appearing in the lower corner.
For Nexus devices:
1.Switch off the smartphone and remove the battery for a few seconds then plug it back in.
2.Turn on the phone.
3.When the welcome Logo Screen shows up, hold the trackball while pressing it until a lock screen shows up, or you see ‘Safe Mode’ written in the bottom corner.
For Other Motorola Devices:
1.Switch off the smartphone and remove the battery for a few seconds then plug it back in.
2.Hold down the Menu Button after you press it while turning on the phone. When it boots, hold the button down upon seeing the lock screen or feeling the phone vibrate.
For Moto G Devices:
1.Press the Power Button and hold it on until the list with options pop-up.
2.Hold the Power off button and wait for a ‘Reboot to Safe Mode’ option to appear.
3.Tap it and let the phone reset.
For Samsung Galaxy Devices:
1.While the device is on, hold down the Power Button and wait for the Options List.
2.Wait for a ‘Restart to Safe Mode’ option to appear.
3.Choose this setting. The device will restart.
After you have backed up your files, you should perform a clean wipe-out of your phone. This can happen either via one of the options in Safe Mode or by entering your device’s Recovery Mode. Several methods exist in order to enter Recovery Mode of your device:
For Nexus Devices: – Hold the Volume Down + Volume Up + Power button until a Recovery menu appears. After that, you should select the Wipe Data/Factory reset option. Nexus 4 may work with Volume Up + Power + Volume Down.
For Samsung Devices: – Hold the Volume Up + Power Button + Home Button until a Recovery menu appears. After that, you should select the Wipe Data/Factory reset option.
For Motorola Droid X Devices: Hold the Home Button + Power Button until a Recovery menu appears. After that, you should select the Wipe Data/Factory reset setting.
For other devices with camera buttons on them: Hold the Volume Up + Camera Button until a Recovery Menu appears. After this, you should choose the Wipe Data/Factory reset option.
Also in case you have backed up your device in a Google Account, you will be able to restore your data after a complete wipe-out by just logging into your Google Account with you email and password.
Removal and protection instructions for Windows devices:Step 1: Start Your PC in Safe Mode to Remove SimpleLocker.
Removing SimpleLocker from Windows XP, Vista, 7 systems:
Step 1: Start Your PC in Safe Mode to Remove SimpleLocker.
Removing SimpleLocker from Windows XP, Vista, 7 systems:
1. Remove all CDs and DVDs, and then Restart your PC from the “Start” menu.
2. Select one of the two options provided below:
– For PCs with a single operating system: Press “F8” repeatedly after the first boot screen shows up during the restart of your computer. In case the Windows logo appears on the screen, you have to repeat the same task again.
– For PCs with multiple operating systems: Тhe arrow keys will help you select the operating system you prefer to start in Safe Mode. Press “F8” just as described for a single operating system.
3. As the “Advanced Boot Options” screen appears, select the Safe Mode option you want using the arrow keys. As you make your selection, press “Enter“.
4. Log on to your computer using your administrator account
While your computer is in Safe Mode, the words “Safe Mode” will appear in all four corners of your screen.
Removing SimpleLocker from Windows 8, 8.1 and 10 systems:
Substep 1:
Open the Start Menu
Substep 2:
Whilst holding down Shift button, click on Power and then click on Restart.
Substep 3:
After reboot, the aftermentioned menu will appear. From there you should choose Troubleshoot.
Substep 4:
You will see the Troubleshoot menu. From this menu you can choose Advanced Options.
Substep 5:
After the Advanced Options menu appears, click on Startup Settings.
Substep 6:
Click on Restart.
Substep 7:
A menu will appear upon reboot. You should choose Safe Mode by pressing its corresponding number and the machine will restart and boot into Safe Mode so you can scan for and remove SimpleLocker.
Step 2: Remove SimpleLocker automatically by downloading an advanced anti-malware program.
To clean your computer you should download an updated anti-malware program on a safe PC and then install it on the affected computer in offline mode. After that you should boot into safe mode and scan your computer to remove all SimpleLocker associated objects.
Security engineers recommend that you back up your files immediately, preferably on an external memory carrier in order to be able to restore them. In order to protect yourself from SimpleLocker (For Windows Users) please follow these simple instructions:
For Windows 7 and earlier:
Substep 1
-Click on Windows Start Menu
Substep 2
-Type Backup And Restore
Substep 3-Open it and click on Set Up Backup
Substep 4
-A window will appear asking you where to set up backup. You should have a flash drive or an external hard drive. Mark it by clicking on it with your mouse then click on Next.
Substep 5
-On the next window, the system will ask you what do you want to backup. Choose the ‘Let Me Choose’ option and then click on Next.
Substep 6:
-Click on ‘Save settings and run backup’ on the next window in order to protect your files from possible attacks by SimpleLocker.
For Windows 8, 8.1 and 10:
Substep 1
-Press Windows button + R
Substep 2
-In the window type ‘filehistory’ and press Enter
Substep 3
-A File History window will appear. Click on ‘Configure file history settings’
Substep 4
-The configuration menu for File History will appear. Click on ‘Turn On’. After its on, click on Select Drive in order to select the backup drive. It is recommended to choose an external HDD, SSD or a USB stick whose memory capacity is corresponding to the size of the files you want to backup.
Substep 5
-Select the drive then click on ‘Ok’ in order to set up file backup and protect yourself from SimpleLocker.
Enabling Windows File Protection:
Substep 1
– Press Windows button + R keys.
Substep 2
– A run windows should appear. In it type ‘sysdm.cpl’ and then click on Run.
Substep 3
– A System Properties windows should appear. In it choose System Protection.
Substep 4
– Click on Turn on system protection and select the size on the hard disk you want to utilize for system protection.
Substep 5
– Click on Ok and you should see an indication in Protection settings that the protection from SimpleLocker is on.
Restoring a file via Windows Defense feature:
Substep 1
–Right-click on the encrypted file, then choose Properties.
Substep 2
-Click on the Previous Versions tab and then mark the last version of the file.
Substep 3
-Click on Apply and Ok and the file encrypted by SimpleLocker should be restored.
