Copycat version of WannaCry ransomware target Android users in China

WannaCry

Researchers discovered a malware in China that has mimicked WannaCry ransomware attack to some extent and has been named “WannaLocker.”

Chinese security firm Qihoo 360’s finding says that, the ransomware infected only Android phones, and has not caused any damage outside China.

The ransomware hides within online game forums from where it tricks the users to download the virus. It does by masquerading as an innocent plug-in required to play the game, “King of Glory.”



Once downloaded, the phone’s home screen displays anime wallpaper and it starts to encrypt files in the background.

ransomware

The ransomware encrypts files while demanding payment from users if they want to access their files.

Google introduces reCAPTCHA Android API

Essentially, WannaLocker encrypts files using the Advanced Encryption Standard and does not affect files that are over 10 KB in size or start with a dot. Files which are “Android, “download,” “miad,” or “DICM” extensions also do not get affected by the infection.

The WannaCry campaign used Bitcoins as the primary currency in which it expected its victims to pay the ransom. The WannaLocker campaign instructs the victims to pay in actual currency with the amount being around $6.

Researchers advised that people keep a backup of their files and constantly update their software for the latest security fixes.