CryCryptor Android Ransomware

CryCryptor has been targeting Android users mostly in Canada. It is distributed via two websites as an official COVID-19 tracing app provided by Health Canada, however this is not the case it is ransomware.

The websites have now been taken down and ESET researchers wrote a decryption tool for its victims, based on a bug in the malicious app.

There is an Android decryption app for those affected with the CryCryptor ransomware – note this may only work on certain versions of CryCrypter.

Indicators of Compromise (IoCs)

https://covid19tracer[.]ca/
https://tracershield[.]ca/

com.crydroid322AAB72228B1A9C179696E600C1AF335B376655Trojan.Android/CryCryptor.A

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: