Yesterday, Simon Bell, a student at the University of Sussex, publicly released the antidote to Simplocker— a cryptographic ransomware Trojan targeting Android devices, which has recently caused quite a buzz in the tech world.
According to Bell, “the antidote was incredibly easy to create because the ransomware came with both the decryption method and the decryption password, therefore producing an antidote was more of a copy-and-paste job than anything.”
The malware encrypts content in the device's local storage and then demands money from the owner if they ever want to see their photos, documents, and videos again. Bell's dissection of it found that all of the encryption work was done on the device by the malware itself, even though the code also contacted a command-and-control server over the Tor anonymising network to relay information about the infected device.
The malware has not yet been encountered in any apps in the Google Store or in other app store sites, and has shown itself to be rather rudimentary in design and execution. However, as Bell noted in the public release of his antidote, “if Simplocker gets turned into a full-fledged attack tool, it's likely that the improved version will be much more difficult to reverse-engineer—and will probably not use a hard-coded encryption key.”
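The reason a hard-coded key makes the antidote a "copy-and-paste job" is that everything needed to reverse the encryption (algorithm, mode, and key material) ships inside the sample itself. The following Go program is an added illustration written for this article, not Bell's antidote and not Simplocker's code: `embeddedPassword` is a constructed placeholder rather than any real key, and the use of AES-CBC with PKCS#7 padding, a prepended random IV, and SHA-256 key derivation are assumptions chosen for the demonstration (the article does not describe the cipher). `simulateLockedFile` produces an in-memory blob standing in for a locked file so that `antidote` has something to recover; Go is used because its standard library carries the primitives and the program runs stand-alone.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed placeholder for the password string a sample would embed.
// This is NOT a real key from any malware; it only shows why a key that
// lives in the binary is recoverable by anyone who can read the binary.
const embeddedPassword = "example-hardcoded-password"

// deriveKey turns the embedded string into a 32-byte AES-256 key.
// Assumption for the demo; the article does not say how the key is formed.
func deriveKey(password string) []byte {
	sum := sha256.Sum256([]byte(password))
	return sum[:]
}

// pkcs7Pad extends b to a whole number of blocks.
func pkcs7Pad(b []byte, size int) []byte {
	n := size - len(b)%size
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad strips padding and rejects malformed input instead of
// silently returning garbage, so a wrong key or damaged blob is noticed.
func pkcs7Unpad(b []byte, size int) ([]byte, error) {
	if len(b) == 0 || len(b)%size != 0 {
		return nil, errors.New("ciphertext length is not block-aligned")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > size {
		return nil, errors.New("invalid padding byte")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("inconsistent padding")
		}
	}
	return b[:len(b)-n], nil
}

// simulateLockedFile stands in for the malware's output: AES-CBC with a
// random IV prepended to the ciphertext, keyed from the embedded string.
func simulateLockedFile(plain []byte) ([]byte, error) {
	block, err := aes.NewCipher(deriveKey(embeddedPassword))
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plain, aes.BlockSize)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return append(iv, out...), nil
}

// antidote is the recovery routine: the same cipher, the same key lifted
// from the sample, and the IV read back from the front of the blob.
func antidote(locked []byte) ([]byte, error) {
	if len(locked) < 2*aes.BlockSize || len(locked)%aes.BlockSize != 0 {
		return nil, errors.New("blob too short or not block-aligned")
	}
	block, err := aes.NewCipher(deriveKey(embeddedPassword))
	if err != nil {
		return nil, err
	}
	iv, body := locked[:aes.BlockSize], locked[aes.BlockSize:]
	out := make([]byte, len(body))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, body)
	return pkcs7Unpad(out, aes.BlockSize)
}

func main() {
	original := []byte("constructed sample: bytes of a photo") // constructed input
	locked, err := simulateLockedFile(original)
	if err != nil {
		panic(err)
	}
	recovered, err := antidote(locked)
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered %d bytes, matches original: %v\n",
		len(recovered), bytes.Equal(recovered, original))
}
```

The point of the example is the asymmetry it exposes: the defender's `antidote` needs nothing the attacker did not already hand over. A version that generated a per-device key and sent it only to the command-and-control server would leave `deriveKey` with nothing to derive from, which is exactly the change Bell expects in an improved sample.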