We all know the feeling: the dread of suspecting that you have a virus, and knowing that nothing a doctor could prescribe would help at all. Viruses and malware find their way onto our computers, tablets and smartphones in increasingly complex and varied ways, but Sussex student Simon Bell has created a real buzz in the cyber security world by writing a tool that undoes the damage done by a piece of ransomware that has been targeting people globally.
With a particular interest in cyber security, Bell devoted the final-year project of his BSc in Computer Science to understanding, and creating an antidote to, Simplelocker: ransomware that encrypts the files on an infected device and demands payment to release them. This kind of digital extortion is becoming more common, not least because we now hold so much important data on our devices at any one time.
Simplelocker, the first ransomware to encrypt files on devices running the Android operating system, displays a message in Russian on the infected phone or tablet once the data has been locked, demanding a ransom in Ukrainian hryvnia.
To lure the malware so that he could study how it behaved, Bell set up a honeypot: a system that poses online as a vulnerable target, and which was soon under attack from malicious software. Through his blog, Securehoney, Bell has published a series of posts on the project, including daily statistics on login attempts against his wolf-in-sheep's-clothing system and a live cloud of the passwords attackers have tried, which makes very interesting reading. Check that yours is not one of the most common ones highlighted there…
But it was by studying a Simplelocker sample from the inside, reverse engineering the code gathered through his honeypot project, that Bell was able to write a Java program that acts as an antidote to the malware. The tool has now been released to the wider world through his blog, creating a buzz in the technology industry.
‘The process of creating the antidote is actually very simple because the ransomware comes with a built-in decrypt method and cipher password. This means we’re able to create our own Java class and copy the decryption code from the ransomware into our antidote class,’ Bell wrote in his latest blog post. The approach works because this sample carries its own decryption key; a variant that fetched its keys from a remote server could not be unlocked this way. Bell is being modest: given the scale of the Simplelocker problem, he has surely produced a solution for a great many frustrated users.
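The following is an added example of the approach Bell describes, written for this page; it is neither Bell's tool nor code taken from the malware. The hard-coded password, the SHA-256 key derivation, the AES-CBC mode with an all-zero IV and the `.enc` suffix are assumed placeholders, not values recovered from the real sample. The "encrypt" routine stands in for the malware's own and is used only to build constructed sample files; the "antidote" reuses the same derivation and decrypt routine, and only removes an encrypted file after its plaintext has been written, so a file locked by a variant with a different key is left untouched rather than destroyed.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;

public class SimplelockerAntidote {
    // ASSUMPTIONS (placeholders, not values recovered from the real sample):
    // the hard-coded password, SHA-256 key derivation, AES-CBC with a zero IV,
    // and the ".enc" suffix appended to files the malware has encrypted.
    static final String CIPHER_PASSWORD = "example-hardcoded-password";
    static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";
    static final String ENCRYPTED_SUFFIX = ".enc";

    // Same derivation the (assumed) malware uses: AES key = SHA-256(password).
    static SecretKeySpec deriveKey(String password) throws GeneralSecurityException {
        byte[] key = MessageDigest.getInstance("SHA-256")
                .digest(password.getBytes(StandardCharsets.UTF_8));
        return new SecretKeySpec(key, "AES");
    }

    static Cipher cipherFor(int mode, String password) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(mode, deriveKey(password), new IvParameterSpec(new byte[16]));
        return c;
    }

    // Stand-in for the malware's encrypt routine; used here only to build sample input.
    static byte[] encrypt(byte[] plain, String password) throws GeneralSecurityException {
        return cipherFor(Cipher.ENCRYPT_MODE, password).doFinal(plain);
    }

    // The "antidote": the decrypt routine copied from the malware, run with its own password.
    static byte[] decrypt(byte[] encrypted) throws GeneralSecurityException {
        return cipherFor(Cipher.DECRYPT_MODE, CIPHER_PASSWORD).doFinal(encrypted);
    }

    // Writes the plaintext next to the encrypted file and only then deletes the latter.
    // A wrong key nearly always fails PKCS5 unpadding, so such files are left untouched.
    static boolean restore(Path encryptedFile) throws IOException {
        String name = encryptedFile.getFileName().toString();
        Path restored = encryptedFile.resolveSibling(
                name.substring(0, name.length() - ENCRYPTED_SUFFIX.length()));
        byte[] plain;
        try {
            plain = decrypt(Files.readAllBytes(encryptedFile));
        } catch (GeneralSecurityException e) {
            System.out.println("skipped (key did not match): " + encryptedFile);
            return false;
        }
        Files.write(restored, plain);
        Files.delete(encryptedFile);
        return true;
    }

    static List<Path> findEncryptedFiles(Path root) throws IOException {
        try (Stream<Path> s = Files.walk(root)) {
            return s.filter(Files::isRegularFile)
                    .filter(p -> p.getFileName().toString().endsWith(ENCRYPTED_SUFFIX))
                    .collect(Collectors.toList());
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample "SD card": one file locked by the sample we reversed,
        // one locked by a hypothetical variant that uses a different password.
        Path sdcard = Files.createTempDirectory("sdcard");
        byte[] photo = "constructed photo bytes".getBytes(StandardCharsets.UTF_8);
        Files.write(sdcard.resolve("photo.jpg" + ENCRYPTED_SUFFIX),
                encrypt(photo, CIPHER_PASSWORD));
        Files.write(sdcard.resolve("notes.txt" + ENCRYPTED_SUFFIX),
                encrypt("other victim".getBytes(StandardCharsets.UTF_8), "some-other-password"));

        for (Path p : findEncryptedFiles(sdcard)) {
            System.out.println((restore(p) ? "restored: " : "failed:   ") + p);
        }
        boolean roundTrips = Arrays.equals(photo, Files.readAllBytes(sdcard.resolve("photo.jpg")));
        System.out.println("photo.jpg matches original: " + roundTrips);
        System.out.println("notes.txt.enc still present: "
                + Files.exists(sdcard.resolve("notes.txt" + ENCRYPTED_SUFFIX)));
    }
}
```

Two points a practitioner would add before running such a tool against real data: a wrong key slips past PKCS5 unpadding roughly one time in 256, so a production decryptor should also check a file-type magic or a stored checksum before deleting anything, and the whole approach depends on the key being embedded in the sample, which is exactly the detail to confirm first when reversing a new variant.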
Alongside Simplelocker, Bell has also dissected a malicious version of the game Flappy Birds as part of his Securehoney project; the app sent premium-rate text messages without the user's knowledge.
Simon Bell will graduate this summer with a first-class honours BSc in Computer Science and is going on to study for a PhD in Cyber Security, and we look forward to hearing what he will be dissecting next.
(image via Securehoney)