A new ransomware strain has been specifically targeting Android users in Canada, ESET reports. CryCryptor was distributed via two websites, disguised as an official COVID-19 tracing app provided by Health Canada. ESET researchers analyzed the ransomware and created a decryption tool for victims.
CryCryptor surfaced just a few days after the Canadian government officially announced its intention to back the development of a nationwide, voluntary tracing app called COVID Alert. The official app is due to be rolled out for testing in the province of Ontario as soon as next month.
Once a user falls victim to CryCryptor, the ransomware encrypts files of all the most common types on the device. Instead of locking the device, it leaves a “readme” file containing the attacker’s email address in every directory with encrypted files.
The CryCryptor ransomware is based on open-source code hosted on GitHub. The code was found using a simple search based on the app’s package name and a few strings that looked unique.