Pierluigi Paganini July 24, 2017

The SLocker, aka Simple Locker, is a mobile ransomware that locks victims’ mobile devices and requests the payment of a ransom to unlock them.

The malware impersonates law enforcement agencies to convince victims to pay the ransom, it infected thousands of Android devices in 2016.

According to the experts, more than 400 new variants of the SLocker ransomware were observed in the wild in May, while in May researchers at Trend Micro found a variant mimicking the WannaCry GUI .

“This particular SLocker variant is notable for being an Android file-encrypting ransomware, and the first mobile ransomware to capitalize on the success of the previous WannaCry outbreak.” reads the analysis published by Trend Micro.

“While this SLocker variant is notable for being able to encrypt files on mobile, it was quite short-lived. Shortly after details about the ransomware surfaced, decrypt tools were published. And before long, more variants were found. Five days after its initial detection, a suspect supposedly responsible for the ransomware was arrested by the Chinese police. Luckily, due to the limited transmission channels (it was spread mostly through forums like QQ groups and Bulletin Board Systems), the number of victims was very low.”

Once infected the mobile device, SLocker runs silently in the background and encrypts any kind of file on the smartphone, including images, documents, and videos.

The ransomware is also able to hijack the mobile device, making impossible for the owners to access the device.

The availability of the SLocker source code will likely increase the number of samples that will be detected in the wild in the incoming weeks.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs –  (SLocker code, Android malware)

[adrotate banner=”13″]