Early in June, Ars reported the discovery of Android/Simplocker, which appeared to be the first cryptographic ransomware Trojan targeted at Android devices. Simplocker encrypts photos, documents, and videos in devices’ local storage and then instructs the device owner to send money if they ever want to see that content again.
One researcher—Simon Bell, an undergraduate student at the University of Sussex—managed to dissect the code for Simplocker. He found that while the code actually called back to a command and control server over the Tor anonymizing network to pass information about the infected device, all of the encryption work was done by the malware itself.
Today, Bell released an antidote to Simplocker—a Java program that can decrypt the files attacked by the malware. “The antidote was incredibly easy to create because the ransomware came with both the decryption method and the decryption password,” Bell wrote. “Therefore producing an antidote was more of a copy-and-paste job than anything.”