WannaCry Copycat ‘WannaLocker’ Ransomware Hits Android Devices

The IT security researchers have discovered a malware in China that has mimicked WannaCry ransomware attack to some extent and has been named “WannaLocker.” The ransomware is similar to WannaCry regarding how it appears on the screen and how it demands ransom in order to unblock one’s files.

Android phones become the victim: The research from Avast based on Chinese security firm Qihoo 360’s finding says that it is only Android phones that have been infected and that the ransomware has not caused any damage outside China. In any case, the ransomware hides within online game forums from where it tricks the users to download the virus. It does so by masquerading as an innocent plug-in required to play the game, “King of Glory.”

More:  New Android ransomware proves why antivirus software are a joke

In any case, the ransomware hides within online game forums from where it tricks the users to download the virus. It does so by masquerading as an innocent plug-in required to play the game, “King of Glory.”

Once downloaded, the phone’s home screen displays an anime wallpaper and it starts to encrypt files in the background. One cannot locate where the app is stored as the app icon simply vanishes from the home screen.

WannaCry Copycat 'WannaLocker' Ransomware Targeting Android Devices
Ransomware note (Image Source: Qihoo 360)

How does it work? The ransomware is similar to WannaCry and as such, encrypts files while demanding payment from users if they want to access their files.

However, it has been observed that the ransomware uses a much more advanced level encryption technique. This applies in particular in the context of Android as ransomware targeting this software has not gone beyond simply blocking the user’s screen.

Essentially, WannaLocker encrypts files using the Advanced Encryption Standard and does not affect files that are over 10 KB in size or start with a dot. Also, files that have “Android, “download,” “miad,” or “DICM” in their extensions also do not get affected by the infection.

More:  Milkydoor: A malware which can turn an Android phone into hacking device

The ransomware is mostly likely a work of a novice: Unlike the WannaCry campaign which used Bitcoins as the primary currency in which it expected its victims to pay the ransom, the WannaLocker campaign instructs the victims to pay in actual currency with the amount being around $6.

Apart from the amount being incredibly low, the more surprising aspect of the campaign is it asks its victims to pay in actual currency. It is like asking to get caught.

This is because actual currency payments can be easily tracked and given that this is China we are talking about, the authorities in the country already have access to vital information regarding people’s locations, bank accounts and more.

It would not have taken more than a minute for the Chinese authorities to figure out from where the attack was being launched and who were the actual perpetrators. In any case, it has been advised that people keep a backup of their files and constantly update their software for the latest security fixes.

More:  CryptoMining malware Adylkuzz using the same vulnerability as WannaCry

DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.

Jahanzaib Hassan