Android/Filecoder.C Ransomware

Posted: July 30, 2019

The Android/Filecoder.C Ransomware is a file-locking Trojan that encrypts most of the files on Android devices. This attack can render your documents and other media unusable, and the files may not be recoverable without the threat actor's help or a pre-established backup. Anti-malware services can, however, identify and block this Trojan or remove the Android/Filecoder.C Ransomware afterward.

An Invitation to Erotic Capers that Ends in Tragedy

Salacious content is a favorite lure that criminals use for convincing victims, both random and targeted, to compromise their computers, phones and other devices. The fact that a new file-locking Trojan is turning promises of pornography into attacks isn't unanticipated, but the culprit in question is showing its creativity elsewhere. The Android/Filecoder.C Ransomware is a member of no known family of file-locking Trojans and makes effective use of dynamism in its payload for maximizing the possibility of making money.

The Android/Filecoder.C Ransomware can spread of its own accord, like a worm, by sending SMS messages to victims whose contacts it harvests from compromised Android phones. However, at least one campaign supplements this with another infection vector: posts on social platforms and forums, such as Reddit. To get victims to install it, the attack presents the Android/Filecoder.C Ransomware as a 'sex simulator' application or a technical utility.

Malware researchers aren't surprised by the Android/Filecoder.C Ransomware's use of AES and RSA encryption as its file-locking method, since this combination is commonplace among Trojans of the kind. However, the Android/Filecoder.C Ransomware has other features worth noting: an encryption list that filters out small pictures, compressed archives, and system files, a non-screen-locking pop-up alert, and over forty language options that synchronize with the phone's settings. Perhaps the Android/Filecoder.C Ransomware's strangest choice is its ransom, which is only partially fixed, with the second portion of the currency amount randomized by unknown means.

Deconstructing the Psychology of a Trojan Trap

The Android/Filecoder.C Ransomware makes competent use of social engineering as a way of circulating to new victims. Besides matching language settings, it also inserts owners' names into its SMS messages and uses shortened or obfuscated URLs in its links. Users should, as always, avoid downloading files from unknown sources before confirming their legitimacy. While the Google Play Store isn't immune to breaches by threatening apps, it is being monitored and curated for your safety.

The Android/Filecoder.C Ransomware includes a deadline of seventy-two hours in its ransom instructions, although this timeline is a bluff and incurs no consequences for being ignored. As always, malware experts can't guarantee that decryption of anything that the Android/Filecoder.C Ransomware blocks is possible in all cases, whether or not you pay. Backing up your work to another device is the only always-reliable solution for restoring digital media.

Unusually, the Android/Filecoder.C Ransomware doesn't lock the screen or block the rest of the phone's UI. Victims can delete the Android/Filecoder.C Ransomware through an appropriate anti-malware product without any interference.

The ransom collection of the Android/Filecoder.C Ransomware's current campaign is at zero, but that may not hold for long. Whether or not you can pay, the consequences of compromising your phone for indulging in illicit applications remain a high price.
