
CryCryptor Ransomware

By GoldSparrow in Ransomware

Numerous cyber crooks have caught on to the opportunity to use Coronavirus-themed propagation tricks to spread various online tactics or different strains of malware. One of the newest ransomware threats that uses the panic surrounding the COVID-19 pandemic to spread is dubbed the CryCryptor Ransomware. This new ransomware threat targets Android devices exclusively.

Propagation and Encryption

The authors of the CryCryptor Ransomware are using a bogus application called 'COVID-19 Tracer application' to distribute the data-locker. The fake application in question is hosted on various third-party application stores, as well as fraudulent Web pages. Users who come across the 'COVID-19 Tracer application' and install it deploy the CryCryptor Ransomware on their devices. Once the CryCryptor Ransomware is installed on the targeted Android device, it will proceed to encrypt the files present on the system. This file-locker targets specific Android directories. Upon locking a targeted file, the CryCryptor Ransomware alters its filename. Due to some quirks of the file-encryption scheme that the CryCryptor Ransomware uses, victims may find several copies of their encrypted files, bearing different file extensions: '.enc', '.enc.iv' and '.enc.salt'. This means that a file locked by the CryCryptor Ransomware that was originally named 'spring-rose.jpeg' will be renamed to 'spring-rose.jpeg.enc', and two other copies named 'spring-rose.jpeg.enc.iv' and 'spring-rose.jpeg.enc.salt' will be created alongside it.

The Ransom Note

Most Android ransomware threats lock the users out of their devices in an attempt to pressure them into paying the ransom fee. However, this is not the case with the CryCryptor Ransomware. Instead, the CryCryptor Ransomware simply drops its ransom note on the user's device. The file that contains the ransom message is named 'readme_now.txt'. The CryCryptor Ransomware launches the note automatically to ensure that the user reads it. The ransom message is brief and only asks the user to get in touch with the attackers via email at 'supportdoc@protonmail.ch'.
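The filename pattern and the note name described above can be checked against a file listing pulled from a device. The following triage script is an added example, not part of the original article or any vendor tool; the sample paths, the function names and the scoring rule are assumptions made for illustration.

```python
from collections import defaultdict
from pathlib import PurePosixPath

NOTE_NAME = "readme_now.txt"                 # ransom note name given in the article
SUFFIXES = (".enc.salt", ".enc.iv", ".enc")  # longest first, so ".enc" is tried last

# Constructed sample listing (assumed paths), e.g. output of
# `adb shell find /sdcard -type f` saved to a file and read line by line.
SAMPLE = [
    "/sdcard/DCIM/spring-rose.jpeg.enc",
    "/sdcard/DCIM/spring-rose.jpeg.enc.iv",
    "/sdcard/DCIM/spring-rose.jpeg.enc.salt",
    "/sdcard/Download/backup.db.enc",        # lone .enc: other apps use this too
    "/sdcard/Download/notes.txt",
    "/sdcard/readme_now.txt",
]


def classify(path):
    """Return (original_path, suffix) if path carries one of the suffixes."""
    name = PurePosixPath(path).name
    for suffix in SUFFIXES:
        if name.endswith(suffix) and len(name) > len(suffix):
            return path[: -len(suffix)], suffix
    return None


def triage(paths):
    """Group suffix hits per original file and separate full sets from partial."""
    hits, notes = defaultdict(set), []
    for path in paths:
        if PurePosixPath(path).name == NOTE_NAME:
            notes.append(path)
        elif (hit := classify(path)) is not None:
            hits[hit[0]].add(hit[1])
    full = sorted(o for o, s in hits.items() if s == set(SUFFIXES))
    partial = sorted(o for o, s in hits.items() if s != set(SUFFIXES))
    # All three suffixes together is the pattern the article describes; a lone
    # .enc file is weak evidence and is reported separately to limit false hits.
    return {"notes": notes, "locked": full, "partial": partial,
            "likely_crycryptor": bool(full) and bool(notes)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The 'locked' list doubles as an inventory of affected files for recovery from backup; entries under 'partial' need manual review before being attributed to this threat.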

You should avoid contacting cybercriminals as they cannot be trusted. Even if you pay them, it is highly likely that you will not be provided with a decryption tool to recover your data. This is why you should remove the CryCryptor Ransomware from your Android device with the aid of a reputable anti-virus application that is compatible with your OS.
