So [Oliver] set out to use a microcontroller to brute-force the EFI PIN. You can read his back story at the link above. He had the chance to enter a 4-digit pin before the format process.

Past studies have revealed the most common PIN numbers, and it's clear that a six digit PIN like "123456" is going to be easier for an attacker to crack than a truly randomly-generated code.

It's the first known Android lock-screen ransomware to set a phone's PIN lock. Because it requires non-paying victims to factory reset their phones, it causes them to lose all of their data.