Chinese police have arrested two men for distributing a variant of the SLocked Android ransomware, customised to look similar to WannaCry, the Windows wormable malware that spread across the globe in May, infecting numerous businesses and organisations in over 150 countries. The two cybercriminals were arrested on 7 June, just five days after security researchers first spotted the Android ransomware campaign.
Chinese police have been cited as saying that the ransomware affected less than 100 victims and that the malware's distribution was limited because the hackers operating it didn't have the tools and experience required for widespread distribution. According to security researchers at Trend Micro, the ransomware was spread via a cheating tool for a popular Chinese gaming app called King of Glory.
Twenty-year-old Chen from Wuhu (Anhui province), and 13-year-old Jinmou from the city of Anyang (Henan province) were arrested. While the former was charged with creating the ransomware, the later is suspected to have been in charge of distribution. A Chinese security firm reportedly played a major role in helping authorities apprehend the cybercriminals.
BleepingComputer reported that the two ransomware developers spread their customised ransomware via Chinese forums. The hackers reportedly asked victims to send them 40 Chinese renminbi ($6, £4.5) using Chinese payment providers such as QQ, Alipay, or WeChat. The payments however, were tracked by the Chinese police, leading to the arrest of the duo.
Chinese authorities said they found 34 malware samples on various phones and tech devices. It is suspected that the duo began working on the ransomware in May and released it on 2 June.