Hackers in China have developed an Android ransomware that copies WannaCry using similar graphics to trick users into paying the ransom.

Qihoo 360 researchers spotted that creators of this ransomware and have dubbed it as WannaLocker. The hackers are spreading it through Chinese gaming forums where the ransomware is disguised as a plugin for the King of Glory, a very popular mobile game in China.

How does it work?

It first hides its icon from the app drawer and changes the main wallpaper to an anime image. Then, it starts encrypting files stored on the device's external storage.

The ransom message has been framed in Chinese in an identical template like WannaCry used and is asking users to pay the ransom fee of 40 Chinese Renminbi ($6) via Chinese payment providers QQ, Alipay, or WeChat. Experts say the fact that the ransom is not being demanded in bitcoins points towards the hackers being amateurs.

Although there have been reports suggesting that the original WannaCry hackers may be from China, it is highly unlikely they have any link to this ransomware creator.

Encryption is solid but less effective

Although the ransom payment method may be amateur, the encryption on the ransomware is quite solid. The ransomware successfully encrypts files unlike most Android ransomware that can only lock the screen.

Despite the solid encryption the ransomware can only encrypt files under 10KB. Moreover, it only encrypts files present on a smartphone's external storage so internal storage apps and other files are safe.