ESET security researchers have provided details about a new ransomware family they identified impacting the Android operating system. It has been observed being distributed through online forums and is believed to have been active since July 12th.
At this time, the size and scope of this campaign are limited, targeting only a select group of individuals. The researchers noted that if the adversaries choose to broaden the groups they target and correct execution flaws, this particular ransomware could be most problematic.
The adversaries set up two domains for this campaign that contain malicious Android downloads. They have been observed for the most part on Reddit or XDA Developers. The topics have been mostly explicit content or technically related. Once a device has been infected, the ransomware uses the victim’s contact list to distribute SMS text messages with malicious links in an effort to increase the number of victims it can infect. As is customary with most ransomware, it will lock the victim’s device and demand that a ransom be paid to unlock the files.
Once the files are encrypted, the file extension “.seven” is appended to the original filename.
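The appended “.seven” extension gives responders a quick way to scope impact. The following is an added triage example, not code from the ESET write-up: it inventories marked files from a storage file listing and recovers each original name. The one-path-per-line listing format and all sample paths are constructed assumptions.

```python
import posixpath
from collections import Counter

MARKER = ".seven"  # extension the page says is appended after encryption

# Constructed sample: one path per line, as a file listing of device storage
# might look (assumed format; every path here is invented for illustration).
SAMPLE_LISTING = """\
/sdcard/DCIM/Camera/IMG_0001.jpg.seven
/sdcard/DCIM/Camera/IMG_0002.jpg.seven
/sdcard/Download/report.pdf.seven
/sdcard/Download/notes.txt
/sdcard/Documents/README.seven
/sdcard/Music/.seven
/sdcard/Music/track seven.mp3
"""

def triage(listing):
    """Return (hits, by_ext, by_dir) for paths carrying the appended marker."""
    hits = []            # (encrypted_path, recovered_original_name)
    by_ext = Counter()   # original file extension -> count
    by_dir = Counter()   # containing directory -> count
    for line in listing.splitlines():
        path = line.strip()
        name = posixpath.basename(path)
        # "Appended" means something precedes the marker: a file literally
        # named ".seven" has no original name to recover, so it is skipped.
        if not name.endswith(MARKER) or len(name) == len(MARKER):
            continue
        original = name[: -len(MARKER)]
        ext = posixpath.splitext(original)[1].lower() or "(none)"
        hits.append((path, original))
        by_ext[ext] += 1
        by_dir[posixpath.dirname(path)] += 1
    return hits, by_ext, by_dir

if __name__ == "__main__":
    hits, by_ext, by_dir = triage(SAMPLE_LISTING)
    for path, original in hits:
        print(f"{path}  (original name: {original})")
    print("by original type:", dict(by_ext))
    print("by directory:", dict(by_dir))
```

The per-type and per-directory counts show which data was hit and where, which helps decide what to restore from backup first.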
Indicators of Compromise (IoCs)
Contact e-mail address
Affected Android versions
Android 5.1 and above