Sussex student breaks open Android ransomware using copy and paste

Data Jimmy Nicholls

13:58, June 18 2014


PHP developer reckons SimpleLocker will return more virulent.

SimpleLocker ransomware has been decrypted by a student from the University of Sussex, despite claims by hackers that ransomed data would be lost forever.

Simon Bell, a student at the Brighton based university with a background in PHP development, created a Java programme also available as an Android app capable of decrypting the files, after reverse engineering the ransomware.

"The antidote for this ransomware was incredibly easy to create because the ransomware came with both the decryption method and the decryption password," Bell said. "Therefore producing an antidote was more of a copy-and-paste job than anything."

Following its launch earlier this month, SimpleLocker encrypted SD cards on Android phones and tablets before demanding payment, and was directed towards Ukrainians.

Bell became interested by the malware because of its novelty, with the virus believed to be a prototype for more serious strains set to be released later on.

"It's also worth noting that while this antidote doesn't detect the decryption password automatically, it could be possible to do so," he added.

"However, future versions of the ransomware will probably not reveal the decryption password so easily and will likely receive it from the C&C [command and control] server."

Ransomware has become increasingly prominent as a method of attack during the last year, with the attack style mostly linked to eastern European criminal gangs.

Last month Apple customers suffered a widespread ransomware attack that made use of a feature designed to help users retrieve misplaced phones and tablets. Two people were later arrested in Moscow, alleged to be responsible for similar attacks.

Source: Company Press Release

get a cbr Cyber Security weekly update

Terms & Conditions & Privacy Policy.


Post a comment

Comments may be moderated for spam, obscenities or defamation.