The WannaCry ransomware that was originally developed in 2017 has evolved into the WannaLocker mobile derivative. This new version has been found to be enhanced with spyware, RAT, and banking trojan capabilities. The original WannyCry variant was targeted primarily at Chinese Android device users, but the newest version is found to target Brazilian banks and their customers. The particularly nasty all-in-one ransomware capabilities include: Harvesting text information, stealing call logs, phone numbers, GPS locations, microphone audio data and stealing credit card information. Currently, it is unknown as to how the ransomware is being distributed, but researchers believe it is through malicious links or third-party app downloads. Once the ransomware is installed, it encrypts the user’s mobile files and demands a relatively small amount of money to decrypt the files. The WannaLocker ransomware appears to still be in development and could pose a very serious threat to the banking and retail sectors.
Analyst Notes
Having a secure backup of the computer and mobile devices is always the best way to combat any ransomware. It is rarely recommended to pay the ransomware because the attacker will almost never release all of the user’s files with the payment. It is also recommended to verify that the anti-malware software on mobile devices is up to date.
