Experts in Oman warn against new mobile phone ransomware
MUSCAT: Phone users in the Sultanate have been warned over threats from a new ransomware variant, WannaLocker, which is attacking android phones in Oman.
Inspired by the WannaCry ransomware that crippled thousands of systems around the globe, WannaLocker disguises itself as a plug-in to the famous strategy game Kings of Glory to trick users into downloading it. It is being circulated mainly on websites for gaming applications.
“The new ransomware is inspired by WannaCry, and it encrypts all photos and applications on your phone. Initial reports by the response team indicate that the source of the virus is China, and targets smart phones that run by the Android operating system,” Oman’s National Computer Emergency Response Team (CERT) warned. After the virus is downloaded on phones, it immediately encrypts phone data and then displays a message imitating one used by the notorious WannaCry malware.
Ransom demand
“The hackers then demand 40 yuan, which is equivalent to US$6, in order for data to be restored and the virus to be deleted. It is important to point out that the virus targets files that are stored on the external memory of the affected device,” CERT explained.
Although a more complex code than WannaCry, WannaLocker is listed as a low risk Trojan that is likely to be designed by amateurs. Firstly, the cheap ransom demand is to be paid in yuan, a conventional currency whose transaction can be traced. WannaCry ransom demand was in virtually untraceable bitcoins. Secondly, the virus is unable to encrypt any data that is over 10 kilobytes or stored in the internal storage, which makes most data and applications safe. Lastly, the latest ransomware does not affect files stored in the DCIM, download, miad, android and .com formats, again narrowing its scope.