Ransomware Disguised as COVID-19 Tracing Apps

7 Jul

As COVID-19 tracing apps roll out across the world, chances are good that one will be coming to a phone near you soon. Whether these apps slow the rate of infections by identifying people potentially exposed to the virus, who then need to self-isolate to reduce further exposure, is still unproven, yet various apps are emerging.

When Canada recently announced the future roll-out of a COVID-19 contact tracing app, the interest of millions was piqued, including that of cybercriminals.

In fact, just 2 days after the announcement in Canada – and even before the tracing app went live – cybercriminals got to work on creating websites that appeared to be offering the app for download. The reality, of course, is that these websites were offering a file that looked just like an app, when in fact it was a file that downloads ransomware known as “CryCryptor” to the device. Once downloaded, the app holds the device’s content to ransom. The fraudulent websites are called Tracershield and Covid19tracer.

What’s the Result of Downloading the Fake Covid-19 Contact Tracing App?

When a mobile phone user accidentally or unwittingly installs the fake contact tracing app, it behaves like any ordinary app, but only for a few moments.

First, the app will request access to certain files. All apps do this, and many users absentmindedly accept the request without fully understanding what they are doing. This is when the ransomware gets to work encrypting all the contents on the device, including the images. The app then leaves a brazen demand note in each folder where content is encrypted, requesting a ransom.

What to Do if You Fall Victim to the CryCryptor Ransomware

If you have visited any of the fraudulent Covid-19 tracing websites and unwittingly installed the ransomware files, you’ll be happy to hear that experts in the industry have worked hard to create a decryption tool for the current version of the ransomware. You can get your hands on it on the GitHub website here.

Word of Warning

As a word of warning, CryCryptor is not the only ransomware or malware that preys on people’s fears and insecurities surrounding COVID-19. Make sure that you always research the trustworthiness of applications before you download them.

Of course, you should also make sure that you do regular backups of your devices (documents, music, files, and images) to the cloud, so that if you inadvertently make the mistake of downloading malicious ransomware, you still have a copy of your data, safe, sound, and encrypted in the cloud. You can chat to our team at Soteria Cloud about safely encrypting and backing up data or find a package on our website that suits your backup requirements.
