Android smartphones are facing attacks by a new version of ransomware that uses an interface similar to the one of WannaCry, researchers said.
SLocker ransomware usually comes bundled into cheating tools for Android games, video players, and other popular programs, attempting to replace the wallpaper on the phone and to change its icon after compromising a device, said researchers at Trend Micro.
The ransomware doesn’t go after system files, rather it chooses to encrypt files that have suffixes, such as text files, photos and videos larger than 10KB and smaller than 50MB. Once a device is infected, SLocker gives users three different options to pay, threatening to increase the ransom as more time passes since the malware was deployed on the device. Eventually, encrypted files would end up completely deleted after seven days.
Payments end up processed through Chinese service QQ and files are encrypted with a randomly generated number plus value 520.
Trend Micro said it shouldn’t be too difficult for security experts to decrypt the files.
“The SLocker family is one of the oldest mobile lock screen and file-encrypting ransomware and used to impersonate law enforcement agencies to convince victims to pay their ransom,” Trend Micro researchers said in a blog post. “After laying low for a few years, it had a sudden resurgence last May. This particular SLocker variant is notable for being the first mobile ransomware to capitalize on the success of the previous WannaCry outbreak.”