Early in June, Ars reported the discovery of Android/Simplocker, which appeared to be the first cryptographic ransomware Trojan targeted at Android devices. Simplocker encrypts photos, documents, and videos in devices’ local storage and then instructs the device owner to send money if they ever want to see that content again.

One researcher—Simon Bell, an undergraduate student at the University of Sussex—managed to dissect the code for Simplocker. He found that while the code actually called back to a command and control server over the Tor anonymizing network to pass information about the infected device, all of the encryption work was done by the malware itself.

Today, Bell released an antidote to Simplocker—a Java program that can decrypt the files attacked by the malware. “The antidote was incredibly easy to create because the ransomware came with both the decryption method and the decryption password,” Bell wrote. “Therefore producing an antidote was more of a copy-and-paste job than anything.”

The malware, which has not yet been discovered within any apps in the Google Store or other app store sites, appeared to be a roughly hewn proof of concept—its code was easily teased out because the developer didn’t use any code obfuscation. But as Bell noted, if Simplocker gets turned into a full-fledged attack tool, it’s likely that the improved version will be much more difficult to reverse-engineer—and will probably not use a hard-coded encryption key.