User avatar
Forum Admin
Posts: 3468
Joined: Mon Jan 12, 2015 12:32 pm
Location: Providence, RI
Contact: Website Facebook Twitter Skype YouTube Google+

Android Ransomware that Encrypts JPGs and Video

Thu Feb 28, 2019 1:23 pm

So I've got a rather odd case here that showed up. I've never seen anything quite like it. It's a microSD card from an Android device. Suddenly the pictures all seemed corrupted to the user. The card and filesystem all seem normal, but the opening signature of all the jpgs and video files on the card look like this:

Android Ransomware.jpg

As you can see there is some variance in the opening signature, likely a checksum or key of sorts. But some elements such as the second line of 03 00 00 02 00 00 10 00 00 02 8C 2D 04 09 03 01 as well as the visible code "CONSOLE" are consistent. This is then followed by a few sectors of all zeros before random looking data begins (as you'd expect in a jpg or video).

Has anyone ever come across such an Android ransomware or have any idea which one this might actually be? There doesn't seem to be any ransom notes left behind anywhere.

Return to “Cyber Security & Malware”

Who is online

Users browsing this forum: No registered users and 0 guests