SLocker malware is back. This is how we protect you.

Remember the SLocker malware outbreak you heard about last summer? The one that held Android devices ransom until the user paid whatever the hacker demanded? The threat that seemingly disappeared after only a few weeks?

We do. It affected thousands of mobile devices, wreaking havoc on the global business community. But don’t be fooled – malware doesn’t disappear that easily.

Wandera Secure Gateway has discovered that SLocker is making a comeback, and this time it is more resilient to the defensive protections provided by security tools.

The Wandera mobile intelligence engine, MI:RIAM, has identified nearly 400 unique samples of SLocker malware in distribution, and that number is rapidly increasing.

These 400 variants of the so called ‘polymorphic’ exploit are not only designed to evade detection by signature-based scanners, but they also contain new malicious functionality.

What is SLocker malware?

SLocker is a ransomware that encrypts images, documents and videos on your mobile device to later ask for ransom to decrypt the files. Once the malware is executed, it starts a service that runs in the background of your device without your knowledge or consent.

While initially operating stealthily, once the file encryption process is complete, the service will hijack your phone, blocking your access, locking your screen and constantly showing you an intimidating message. This message usually threatens to expose or destroy the information on your device. Some versions of SLocker have been known to accuse you of having ‘perversions’ on your device in order to frighten you into compliance.

The only way to take back full control of your phone is to pay the ransom demanded, or risk destruction or exposure of your personal data.

How we protect you

While traditional security engines rely on identical signature-based detection, MI:RIAM learns the structural patterns of malware and other threats, enabling her to uncover brand new threats like SLocker and protect your mobile fleet.

Not only that, but MI:RIAM enables Wandera to block these attacks proactively through its secure mobile gateway, stopping them before they even reach the device. This can only occur thanks to her continuous knowledge of the fleet’s traffic.

Every single device enabled with Wandera is monitored and analyzed by MI:RIAM, for every single second of every single day.

Many businesses are currently being hit over and over again by variations of perpetuating malware attacks that their security solution cannot recognize or protect against.

In contrast, Flexinets customers can sleep soundly, knowing they are protected by MI:RIAM’s always-on detection capabilities.