Wannalocker: Android Users Wanna’Cry’

Wannalocker: Android Users Wanna’Cry’. After the terror we saw with the dangerous Wannacry ransomware, another ransomware is on play. Unlike the wannacry, those ransomware is specialized for infecting android phones. Although, now the attack is spread only among Chinese users.

Connection to Wannacry

When it infects, the message screen coming by may scare you. Because it has a most familiar look we all saw presently. That’s why it is called as a Copycat of Wannacry Ransomware. Also the security company Avast named it as “wannalocker”. But the point is, the ransomware could spread havoc among the infected people and it can easily get famous. Only the name is enough, WANNACRY. We can understand that the attacker expects a quicker transfer of money. That might be the reason why the attacker decided to design the message screen display to look alike wannacry.

wannalocker display photo: avast

The ransomware was first reported by the Chinese security company Qihoo 360. Wannalocker have spread through the Chinese gaming forums. It tricked the users to download the ransomware as they were downloading a plugin of the popular Chinese game “King of Glory”. When infected, the icon of the app first changes and then then the wallpaper.

Wannalocker Disguises as “King of Glory” Plug-in

Another thing is, the ransomware is designed to infect the external storage of the phone. It has a powerful AES encryption while the previously spreader android ransomwares were just showing the lock screens. So it is very dangerous. The attackers asks the victims a ransom of 40 Chinese yuan which will be equivalent to almost 5-6 US Dollars and 380 Indian Rupee.

Read More: Good News for Wannacry Victims: Your Files Are Easy to Recover!

The ransomware put some exceptions on the infection. That is, it does not affect files staring with “.”(dot) and does not affect the words “download”, ”DCIM”, “COM.”, “miad” included files and path bigger than 10kb. The cyber team from avast also explained that the ransomware adds a long weird extension which includes Chinese and Latin characters.

Wannalocker Extension Photo: Avast

Payment Not With CryptoCurrencies

The most interesting thing is that the ransom money is not asked in the form of any cryptocurrencies like bitcoins.  They asked the victims to pay using Chinese local transfer methods like QQ, AliPay and weChat through QR code. The police can easily trace that accounts when the transfer occurs. That too in a country, where the authorities has a deep access into the data of technological firms. It really confuses the tech world. They doubt that how the same hackers who created a sold encryption methods to lock the files could do such a foolishness. However, the assumptions are that the attackers might be Amateurs.

Payment Through QR Codes


The cyber team of Qihoo 360 has already released a decryption tool.

[button color=”” size=”” type=”square” target=”” link=”https://22a2b2.lt.yunpan.cn/lk/cGVCamBZgR4fG”]Download[/button] [Code to download:0778]

Read More: 20 Best Hacking Apps For Android – Part 4

  • Try not to download anything from untrusted sources.
  • Keep an antivirus up-to date in each of your device.

The avast team has something for you,

To protect your phone and valuable photos, videos, contacts stored on it from ransomware, make sure you frequently backup your data and install antivirus on all of your devices.

Leave a Reply

Your email address will not be published. Required fields are marked *