The first ransomware for Android devices that actually encrypts files could be making its way to English-speaking regions.

In June, users infected with Android/Simplocker were receiving messages in Russian requesting a ransom of 260 Ukrainian Hryvnia, or about $20. Last week, ESET researchers noticed a variant of the ransomware delivering an English-language message requesting $300 to be paid by MoneyPak voucher.

The message purports to be from the FBI and states that the victim's device was blocked following detection of illegal activity, such as viewing underage pornography, according to a Tuesday ESET post.

This Simplocker variant now encrypts archive files, which are used by many Android backup tools, and also asks to be installed as Device Administrator, making it much tougher to remove, according to the post.