CryCryptor Android Ransomware
CryCryptor has been targeting Android users mostly in Canada. It is distributed via two websites as an official COVID-19 tracing app provided by Health Canada, however this is not the case it is ransomware.
The websites have now been taken down and ESET researchers wrote a decryption tool for its victims, based on a bug in the malicious app.
There is an Android decryption app for those affected with the CryCryptor ransomware – note this may only work on certain versions of CryCrypter.
Indicators of Compromise (IoCs)
https://covid19tracer[.]ca/
https://tracershield[.]ca/
| com.crydroid | 322AAB72228B1A9C179696E600C1AF335B376655 | Trojan.Android/CryCryptor.A |
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.