Simplocker is a Tor-enabled mobile device ransomware that targets the Android operating system and spreads through a Trojan downloader masquerading as a legitimate application. It is the first known ransomware to target Android devices. Once installed, it scans the device for various file types and encrypts them using AES, changing the file extensions to .enc. It also collects information like the IMEI number, device model, and manufacturer and sends it to a C2 server. Newer versions access the device camera and display a picture of the victims to scare them into paying the ransom. Information on how to remove Simplocker from an Android device is available from Sensors Tech Forum.


  • April 2016: Simplocker exploits vulnerabilities to install on the victim's device in the background, without any user interaction. (InfoSecurity)

Technical Details

  • Symantec provides technical details as well as instructions to remove Simplocker, available here.

Image Source: ESET