Security researchers have documented another first in the annals of Android malware: a trojan that encrypts photos, videos, and documents stored on a device and demands a ransom for them to be restored. The crudeness of Android/Simplocker, as the malicious app has been dubbed, suggests it’s still in the proof-of-concept phase, Robert Lipovsky, a malware researcher for antivirus provider Eset, said in a recent blog post. The malware also addresses users in Russian and demands that payments be made in Ukrainian hryvnias, an indication that it targets only people in Eastern Europe. Still, the trojan—with its combination of social engineering, strong encryption, and robust Internet architecture—could be a harbinger of more serious and widespread threats to come. After all, the first Android trojans to make hefty SMS charges also debuted in the same region.