Canadians are being targeted by a new ransomware campaign masquerading as an official Coronavirus contact tracking app.
Discovered by researchers at cybersecurity firm ESET, the ransomware, called CryCryptor, infects Android devices and encrypts unsuspecting victims' files.
Online scammers are distributing the ransomware through two websites claiming to offer official contact tracking services from Health Canada. Created in early June, the ransomware uses source code from the programming repository GitHub.
"CryCryptor surfaced just days after the Canadian government officially announced its intention to support the development of a nationwide voluntary tracking app called COVID Alert," ESET's Lukas Stefanko explained in a blog post.
"The official app will be tested and rolled out in Ontario as early as next month."
After conducting a detailed analysis of the ransomware, ESET researchers posted a decryption app on GitHub that allows users to decrypt files compromised by CryCryptor.
According to Stefanko, the ransomware encrypts "all of the most common types of files," while a "readme" file containing the scammer's email address appears in "all directories containing encrypted files".
ESET researchers encountered the ransomware on Twitter and, after analyzing it, discovered a flaw that allows scammers to "launch exported services provided by the ransomware".
Once launched, the ransomware gains the necessary permissions to access files and then encrypts them. However, the phone screen is not locked and the device is still usable.
"The selected files are encrypted using AES with a randomly generated 16-character key; after CryCryptor encrypts the files, three new files are created and the original files are deleted. The encrypted files are appended with the extension '.enc' and the algorithm generates a unique salt for each encrypted file and stores it with the extension '.enc.salt'."
Once all files have been encrypted, the user will receive a notification that "your personal files have been encrypted, see readme_now.txt". This will appear on all files that have been compromised.
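The artifacts described above can be searched for directly when triaging a device's storage or a copy of it. The following is an added example, not code from ESET or from the original article; it assumes the extensions are written `.enc` and `.enc.salt` and the note is named `readme_now.txt`, and the `triage` and `build_sample` helpers and the sample file names are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Indicator names as described in the article (spellings are assumptions).
ENC_EXT = ".enc"
SALT_EXT = ".enc.salt"
NOTE_NAME = "readme_now.txt"


def triage(root):
    """Walk `root` and report, per directory, the CryCryptor-style artifacts found."""
    report = defaultdict(lambda: {"note": False, "encrypted": [], "missing_salt": []})
    for dirpath, _dirs, files in os.walk(root):
        names = set(files)
        for name in sorted(names):
            if name.lower() == NOTE_NAME:
                report[dirpath]["note"] = True
            elif name.endswith(ENC_EXT):
                report[dirpath]["encrypted"].append(name)
                # Each encrypted file is described as having its own salt file;
                # a missing one is worth flagging before any recovery attempt.
                companion = name[: -len(ENC_EXT)] + SALT_EXT
                if companion not in names:
                    report[dirpath]["missing_salt"].append(name)
    # Only directories that showed at least one indicator were ever added.
    return dict(report)


def build_sample(root):
    """Constructed sample tree: one affected directory and one clean directory."""
    hit = os.path.join(root, "DCIM")
    clean = os.path.join(root, "Music")
    os.makedirs(hit)
    os.makedirs(clean)
    for name in ("a.jpg.enc", "a.jpg.enc.salt", "b.jpg.enc", "readme_now.txt"):
        open(os.path.join(hit, name), "wb").close()
    open(os.path.join(clean, "song.mp3"), "wb").close()
    return hit, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for directory, found in triage(tmp).items():
            print(directory, found)
```

Point `triage()` at a mounted or copied storage directory rather than the sample tree to list affected folders before running a decryption tool.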
To avoid becoming a victim of this ransomware, ESET recommends the following: "In addition to using a high-quality mobile security solution, we recommend that Android users install apps only from trusted sources, such as the Google Play Store."
To use ESET's own decryption tool, go to https://github.com/eset/cry-decryptor/releases and download the file named "CryDecryptor.apk" to your Android phone, or to your Mac or PC.
If you downloaded it directly to your Android device, locate the downloads folder in the file manager, find the downloaded CryDecryptor.apk, and double-click it.
Your phone will warn you that this is a suspicious file (which is normal) and prompt you to change your file manager permissions to allow the installation of third-party apps.
If you downloaded the file to your Mac or PC, you can connect your Android phone to your computer using a USB cable. In the computer's file manager, you should be able to copy and paste the APK file to a specific location on your Android device.