Developers of WannaCry Ransomware Arrested by Chinese Police

The WannaCry ransomware attack caused massive damage globally. A lot of computers and entire systems were crippled by this malware over the course of only a few days. It now appears there is a WannaCry variant targeting the Android ecosystem. To our relief, Chinese police officials have arrested the developers. This goes to show some countries take these issues far more seriously than others.

China Doesn’t Mess Around With Android Malware

One lesson we can learn from the WannaCry ransomware deployment is how damaging a sophisticated attack can be. Hundreds of thousands of machines were successfully infected by this malware, since it used an NSA-developed exploit kit to infect vulnerable systems. However, it does not appear desktop and laptop computers are the only potential targets for this destructive malware.

There is a version of WannaCry which is designed specifically to target the Android ecosystem. Two men have been arrested due to their alleged involvement in the distribution of SLocker, a powerful Android ransomware. At a glance, SLocker looks just like WannaCry, but it works differently under the hood. It is not uncommon for developers to rename existing malware if they make minor modifications to the code.

What is more remarkable is that these two developers were arrested in China. Few people would expect China to be home to ransomware developers, but this goes to show the reality is very different. It appears the developers used a clever way of distributing their malware. It was advertised as a free plugin for the Kings of Glory mobile game.

We have seen many malware distribution methods over the past few years. Going after mobile gamers is an effective distribution strategy, especially considering how wildly popular Kings of Glory is in China. Developers targeting people in their home country is not necessarily the best of ideas and usually attracts the attention of law enforcement.

The SLocker ransomware has fewer than 100 victims, which is good considering how effective some ransomware strains are. Victims are asked to pay a $6 ransom, which needs to be paid through QQ, Alipay, or WeChat. There is no mention of Bitcoin or any other cryptocurrencies on this Android variant of WannaCry. That is somewhat surprising, but may make sense. In China, WeChat, QQ, and Alipay are incredibly popular, and sending $6 worth of RMB to another person is incredibly easy.

These arrests show ransomware developers in China are under extreme scrutiny from law enforcement. It only took police officers five weeks to find the culprits and arrest them. During the arrest, they also found several dozen malware samples on confiscated hardware. Their choice of mobile payment methods may have caused their project to come to an abrupt halt, since none of the payment methods were anonymous by any means.