Downloadable via compromised apps on the Google Play Store, the LeakerLocker ransomware threatens to send all of your pictures, messages and internet browsing history to all of your contacts.
Once a compromised app has been downloaded, LeakerLocker locks the phone’s homescreen and displays a message that reads:
All personal data from your smartphone has been transferred to our secure cloud.
In less than 72 hours this data will be sent to every person on your telephone and email contacts list. To abort this action you have to pay a modest ransom of $50.
Please note that there is no way to delete your data from our secure but paying for them. Powering off or even damaging your smartphone won’t affect your data in the cloud.
Although the attackers claim to have taken backups of all of your sensitive information, including personal photos, contact numbers, SMS messages, calls, GPS locations, and browsing and correspondence history, we suggest that you do not pay the ransom. Doing so contributes to the proliferation of this malicious business, which will lead to more attacks. Also, there is no guarantee that the information will not be released or used to blackmail victims again. Realistically, however, it’s inevitable that some people will decide to make the payment out of sheer panic.
According to researchers, LeakerLocker can read a victim’s email address, random contacts, Chrome history, some text messages and calls, take a picture from the camera, and read some device information.
A random selection of this information is displayed on the device screen, which is enough to convince victims that a large amount of data has been copied.
If the victim does proceed with the payment, they are prompted to enter their credit card details, and if the payment is successful the following message appears:
“Your [sic] personal data has been deleted from our servers and your privacy is secured”.
If the payment isn’t successful, the user is presented with the following:
“No payment has been made yet. Your privacy is in danger”.
The compromised apps, which had been removed from the Google Play Store at the time of writing, are Wallpapers Blur HD and Booster & Cleaner Pro. Wallpapers Blur HD has been downloaded between 5,000 and 10,000 times and has a rating of 3.6 stars (out of five), and Booster & Cleaner Pro has between 1,000 and 5,000 downloads and a 4.5-star rating.
About IntelliTeK Pty Ltd
IntelliTeK is a managed IT services company in Sydney, Australia. With major vendor relationships and accreditations from the world’s leading IT companies, including WatchGuard, Microsoft, Trend Micro and Amazon Web Services, IntelliTeK has kept clients happy since 2007.