Sussex student breaks open Android ransomware using copy and paste

by Jimmy Nicholls | 18 June 2014

PHP developer reckons SimpleLocker will return more virulent.

SimpleLocker ransomware has been decrypted by a student from the University of Sussex, despite claims by hackers that ransomed data would be lost forever.

Simon Bell, a student at the Brighton-based university with a background in PHP development, created a Java programme, also available as an Android app, capable of decrypting the files after reverse engineering the ransomware.

"The antidote for this ransomware was incredibly easy to create because the ransomware came with both the decryption method and the decryption password," Bell said. "Therefore producing an antidote was more of a copy-and-paste job than anything."

Following its launch earlier this month, SimpleLocker encrypted SD cards on Android phones and tablets before demanding payment, and was directed towards Ukrainians.

Bell became interested in the malware because of its novelty, with the virus believed to be a prototype for more serious strains set to be released later on.

"It's also worth noting that while this antidote doesn't detect the decryption password automatically, it could be possible to do so," he added.

"However, future versions of the ransomware will probably not reveal the decryption password so easily and will likely receive it from the C&C [command and control] server."

Ransomware has become increasingly prominent as a method of attack during the last year, with the attack style mostly linked to eastern European criminal gangs.

Last month Apple customers suffered a widespread ransomware attack that made use of a feature designed to help users retrieve misplaced phones and tablets. Two people were later arrested in Moscow, alleged to be responsible for similar attacks.
