Early this April, an increase of infection rates by a variant of ransomware known as Android/Ransom.SLocker.fh was seen.
Ransomware targets Tencent users
An especially relevant trait of SLocker.fh is its use of Tenpay to send payment to the criminals. Tenpay is an integrated payment platform by Tencent — China’s largest Internet service portals. Thus, it is no surprise that SLocker.fh originates from China.
In order to pay, users must have a QQ ID to send payment; which is provided. Since Tencent’s most popular platform is QQ Instant Messenger, the criminals are probably targeting these users the most.
Full Article