WannaLocker targets China-based Android users and attempts to emulate WannaCry's ransom note. It is distributed through Chinese game forums, masquerading as a plugin for the game King of Glory. Once installed, it hides its own app icon, changes the device's wallpaper image, and then encrypts files over 10 KB in size that are located on the device's storage card using AES encryption. It avoids encrypting files that begin with a "." as well as files that include DCIM, download, miad, android, and com in the SD card file path. WannaLocker demands a ransom of 40 Chinese Renminbi which is approximately equal to 5 or 6 USD and requests payment through QQ, Alipay, or WeChat.

  • Avast provides more information about WannaLocker here.
  • The NJCCIC is not currently aware of any free decryption tools available for WannaLocker.