
AnDROid Ransomware

By GoldSparrow in Ransomware

The AnDROid Ransomware is a ransomware Trojan that was first observed on March 28, 2017, in attacks targeting countries in Southeast Asia such as Indonesia, the Philippines, Vietnam, India and Thailand. It is a typical ransomware Trojan designed to attack computers running the Windows operating system. Its name may cause some confusion: despite the capitalization, the AnDROid Ransomware is not designed to infect devices running Google's Android operating system (although ransomware threats that target those devices do exist).

The AnDROid Ransomware belongs to a family of ransomware that includes threats such as the SADStory Ransomware and the EnkripsiPC Ransomware. This family seems to target computers located in Indonesia, although attacks by members of this family may surface in other geographical locations. The AnDROid Ransomware may be distributed using corrupted text documents that carry embedded scripts which install the AnDROid Ransomware on the victim's computer. These documents may be delivered through email messages that use social engineering techniques to trick inexperienced computer users into downloading and opening the corrupted attachment.

How the AnDROid Ransomware can Demand a Ransom from Computer Users

The AnDROid Ransomware is based on an open source ransomware engine, like many of the most common ransomware Trojans today. Using a customized combination of RSA and AES encryption, the AnDROid Ransomware makes the victim's data inaccessible by encrypting it. It can encrypt a wide variety of file types, focusing on files that would tend to have some unique value to the victims of the attack. Files encrypted by the AnDROid Ransomware have the extension 'android' appended to the end of the original file name, which is why PC security analysts refer to the threat by this name.
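Because the threat appends '.android' after the original file name rather than replacing the original extension, the original name (and therefore the original file type) can be recovered directly from each encrypted file's name. The following script, added here as an illustration and not code from the original writeup or from the ransomware itself, walks a directory tree, inventories every file carrying the appended extension, and tallies the hits by original file type so an incident responder can scope the damage before recovery. The directory layout and file names it builds are constructed sample data for the example.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extension the AnDROid Ransomware appends to each file it encrypts (from the writeup).
APPENDED_EXT = ".android"


def find_encrypted_files(root):
    """Walk `root` and return a sorted list of (encrypted_path, original_name) pairs.

    The ransomware appends '.android' after the original name, so
    'report.docx' becomes 'report.docx.android'; stripping that suffix
    recovers the original file name for the recovery inventory.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if name.lower().endswith(APPENDED_EXT):
                original = name[: -len(APPENDED_EXT)]
                hits.append((os.path.join(dirpath, name), original))
    return sorted(hits)


def summarize_by_original_type(hits):
    """Count encrypted files per original extension (e.g. '.docx', '.jpg')."""
    counts = Counter()
    for _path, original in hits:
        ext = Path(original).suffix.lower() or "(no extension)"
        counts[ext] += 1
    return dict(counts)


def build_sample_tree():
    """Construct a throwaway directory that mimics a partially encrypted user folder.

    File names and contents are made up for this example; no real victim data is used.
    The mix of touched and untouched files mirrors the ransom note's own admission
    that "not all your file encryped".
    """
    root = tempfile.mkdtemp(prefix="android_rw_sample_")
    sample = {
        "Documents/report.docx.android": b"ciphertext",
        "Documents/notes.txt": b"still plaintext",
        "Pictures/holiday.jpg.android": b"ciphertext",
        "Pictures/cat.jpg.android": b"ciphertext",
        "Downloads/setup.exe": b"not encrypted",
    }
    for rel, data in sample.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    hits = find_encrypted_files(root)
    for enc_path, original in hits:
        print(f"{enc_path} -> original name: {original}")
    print("encrypted files per original type:", summarize_by_original_type(hits))
```

Run it against a real volume by passing the mount point to `find_encrypted_files` instead of the sample tree; the per-type summary is a quick way to tell whether the run stopped partway (the note itself says not every file was encrypted) and which document types backups will need to restore.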

Following the AnDROid Ransomware Attack

The AnDROid Ransomware is unusual among ransomware Trojans because its tactic seems to be carried out through a Facebook account page. Victims of the AnDROid Ransomware are instructed to communicate with a Facebook account page belonging to Alan Nicola, who may not be related to the AnDROid Ransomware Trojan at all. The attack itself is fairly typical of these tactics: the AnDROid Ransomware encrypts its victim's data using a strong encryption method and then displays a ransom note meant to pressure computer users into paying. The AnDROid Ransomware lock screen includes an animated image of a skull. The ransom note reads as follows:

'Hi, sorry your files has been encrypted/
But, not all your file encryped
Klick "Contct Me"
and i will give your key.
[Contact Me]
Contact Me :
Facebook: www.facebook.com/m.sanjay.qm
Insert your key here [TEXT BOX]
Decrypt'

Dealing with the AnDROid Ransomware

Fortunately for computer users, it seems that the people responsible for the AnDROid Ransomware have included its decryption code in the AnDROid Ransomware's own code. Computer users can recover their files by entering the code 62698b8ff9e416d9a7ac0fb3bd548b96. It is possible that the AnDROid Ransomware is still in a testing version, which seems to have been in development since mid-February. It is likely that 'Alan Nicola' is an alias. The AnDROid Ransomware carries out a typical ransomware attack, and precautions are still necessary. Although the people responsible for the AnDROid Ransomware have made the mistake of including the decryption code in the AnDROid Ransomware's code, this is not common among other ransomware threats from the same family, and it is important to be well protected. The best protective measures against the AnDROid Ransomware and similar threats are an updated security program and file backups kept in the cloud or on an external storage device that is not attached to the main computer (to prevent the backups themselves from being encrypted).
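An embedded decryption code is also a useful indicator for triage: a sample that contains the string reported above can be matched to this family quickly, before any decryption attempt. The script below is an added example, not code from the original writeup, and it searches a suspect file for that code in both ASCII and UTF-16LE form, since Windows binaries commonly store string literals in either encoding. The byte blob it scans is a constructed stand-in for a sample; only the key value itself comes from the writeup.

```python
import tempfile

# Decryption code the writeup reports is embedded in the AnDROid Ransomware sample.
EMBEDDED_KEY = "62698b8ff9e416d9a7ac0fb3bd548b96"

# Windows binaries store string literals either as narrow (ASCII) or wide
# (UTF-16LE) strings, so both encodings of the key are searched for.
PATTERNS = {
    "ascii": EMBEDDED_KEY.encode("ascii"),
    "utf-16le": EMBEDDED_KEY.encode("utf-16-le"),
}


def find_embedded_key(data):
    """Return {encoding: [offsets]} for every occurrence of the key in `data`.

    An empty dict means the indicator is absent; offsets are byte positions.
    """
    found = {}
    for label, needle in PATTERNS.items():
        offsets = []
        start = 0
        while True:
            idx = data.find(needle, start)
            if idx == -1:
                break
            offsets.append(idx)
            start = idx + 1
        if offsets:
            found[label] = offsets
    return found


def scan_file(path):
    """Read a file from disk and report where (if anywhere) the key appears.

    Samples are small enough to read whole; a chunked reader with overlap
    would be needed only for very large artifacts.
    """
    with open(path, "rb") as fh:
        return find_embedded_key(fh.read())


def build_sample_blob():
    """Construct a fake binary-like blob containing the key in both encodings.

    This is made-up filler around the key, not bytes from a real sample.
    Layout: 2-byte 'MZ' + 62 zero bytes, an unrelated string, the ASCII key,
    16 zero bytes, the UTF-16LE key, trailing zeros.
    """
    return (
        b"MZ" + b"\x00" * 62
        + b"some unrelated strings\x00"
        + PATTERNS["ascii"]
        + b"\x00" * 16
        + PATTERNS["utf-16le"]
        + b"\x00" * 8
    )


def build_clean_blob():
    """Constructed control blob with no indicator present."""
    return b"MZ" + b"\x00" * 62 + b"nothing to see here\x00" * 4


if __name__ == "__main__":
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(build_sample_blob())
        sample_path = tmp.name
    print("suspect sample:", scan_file(sample_path))
    print("control blob:  ", find_embedded_key(build_clean_blob()))
```

A hit only says the file carries this family's indicator; it is an identification aid for sorting samples and deciding whether the published code is worth trying, not a decryptor, and the actual recovery still goes through the threat's own 'Insert your key here' prompt as the note describes.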
