The Russians have created an Android ransomware that does not do anything in the first four hours

Some researchers from Zscaler ThreatLabZ have discovered a new type of ransomware for Android inside OK (Odnoklassniki), a Russian entertainment social network application.

The clean application has between 50 and 100 million downloads from the Google Play Store, but the infected one is available via third party application stores.

The virus stays quiet for four hours, permitting the user to perform his regular activity on the phone, unlike other ransomware variants that encrypt the data right after the infection. After the four hour interval, the application asks for administrative rights, changes the unlock password, locks the screen and sets the lock-screen password expiration. If the user taps cancel, the administrative prompt reappears quickly and does not permit the user to take any other action on the phone.

The ransom is only 500 rubles, the equivalent of $9.

The researchers have managed to discover that the ransomware does not sent the user’s data to a server and is incapable of unlocking the user’s phone. So, if the victim pays the ransom, the virus will stop operating, but the user will not be able to access his data anymore.

Due to the fact that the ransomware malware does not take any action in the four hours, the antivirus software cannot detect it, so it can be easily injected in the Google Play Store Apps.

A piece of advice: Do not install apps from unknown sources and disable the unknown sources installation feature from the phone’s settings.

If however you get infected with this, you need to boot into Safe Mode, remove the device admin privilege of the ransomware app, remove the app itself and reboot your device back in regular mode.

For more information, see this VirusGuides article.

Leave a Reply