The dreaded ransomware “WannaCry” that attacked mid-may to businesses, hospitales and organizations around the world he has left an imitator in Android. Some criminals are using a version of imitation of WannaCry to attack Android.
The security firm Avast has christened this version under the name WannaLocker, and like his older brother, what it does is to restrict access to certain files on the device to ask for a ransom in exchange for removing this restriction.
WannaLocker, this is how and where it is attacking
The ransomware WannaLocker is spreading in the forums of chinese games, imitating a plugin for the popular chinese game King of Glory (王者荣耀). The victims downloaded deceived the ransomware.
once you have downloaded the APK of this malware and install it discover the open that course plugin of the game appears a window that mimics the WannaCry informed that your files have been encrypted and to recover them you will have to pay about 40 yuan, about 5 euros at the exchange. Each time the amount of money that they ask for increases until you reach a deadline in which we would lose forever the files.
What files are hijacks?
For WannaCry attacks the external storage of our device, encrypting the files using the AES encryption, but it is not encrypting all the files. The files that start with “.” and the contents in the folders “DCIM”, “Download”, “miad”, ”android” and “com.” are safe from this malware, they are not being encrypted. Nor is encrypting files smaller than 10 KB.
The ransomware adds the encrypted files with the following extension that we see highlighted in the following screenshot:
Malware of some tour
This malware seems to have its days numbered, since their criminals are using methods of payment chinese QQ, Alipay, and WeChat in order to collect the ransom, with what you are not using any criptomoneda anonymous, so that they can be identified and located.
How to stay safe
To keep your device protected from any type of malware the only thing to do is to use common sense and not install in the device applications from unknown sources. So only from trusted sources such as Google Play, Amazon App Store and official websites.
The news Is a variant of the ransomware WannaCry that attacks Android was originally published in Xataka Android by Cosmos .
June 9, 2017
- ← AtGames reviriá grands classiques grands classiques avec les rééditions de l’Atari 2600 et Megadrive
- The European Commission will monitor that the purpose of ‘roaming’ does not increase the national rates →