University of Sussex undergrad claims to have the key to unlock Android ransomware
By Sj.Cliff
A student is set to release a Java application to decrypt the first ransomware to hit Android devices.
The app would be easily downloadable through app stores and would be able to unlock devices whose data has been locked by an outside source – aka held to ransom.
--screenshot of the Android malware
The Simplocker ransomware, which targets devices in Eastern Europe, was revealed on 7 June by malware analysts at Eset. Without getting too technical, the virus locks the data on the Android device and the only way to gain access to that content again is by paying the princely fee of 260 Ukrainian hryvnias, a.k.a. £13. The virus seems to just be targeting Eastern Europeans.
True to its name, Simplocker was built using simple code, which has allowed undergrad Simon Bell to pry it apart.
Simon wrote a blog post detailing how he reversed Simplocker and said that he would be developing an app to pluck out the decryption keys stored within.
"This dissection shows how the app encrypts user's files and that information about the phone is sent to a C&C (command and control) server on the TOR network," Bell writes.
"But one important question remains unanswered: would it be possible to decrypt files that have been encrypted by the app without connecting to the C&C server? In other words: can we reverse the damage done by this app?"
His next blog post will publish the crypto-cracking app, allowing European users to free their devices without having to pay out all the cash.
Simplocker could be a proof-of-concept virus designed to show what creators can do prior to more malicious malware being created. These next-level viruses wouldn’t be cracked by the program Simon is creating and could still pose a serious threat.