Android users should watch out for a malicious screen locker called CovidLock Ransomware. It locks an infected device’s screen to prevent its owner from accessing it. It should also show a ransom note saying that the only way to get the device unlocked is to pay $250. If a user does not pay, the hackers threaten to make the user’s personal data public. In addition, the cybercriminals claim that the threat encrypts personal files and that users who do not pay will lose their data forever. However, researchers say that the malware should not encipher any files. Thus, it is possible that the hackers will not make victims’ files public either. In our full report, you can find out more about what CovidLock Ransomware does and how it might be possible to unlock your device without paying the ransom.
To begin with, we should explain how users could encounter CovidLock Ransomware. The malware masquerades as a tracking application, called Coronavirus Tracker, that shows the locations of people with COVID-19 around the world. Our specialists say that even if the malicious website that offered it no longer works, it could still be distributed through harmful file-sharing sites, malicious pop-ups, and so on. It is likely that victims who downloaded it came across the sites distributing it while looking for information about COVID-19. There are already many threats and websites targeted at people who are distracted by COVID-19, and we have no doubt that there will be many more of them. Therefore, we advise being careful when you search for statistics or anything else related to Coronavirus. Also, if you want to protect your system from similar threats, you should employ a reliable antimalware tool and be careful when picking new tools.
First, if a user opens Coronavirus Tracker, he should be asked to allow it to optimize the device’s battery. Of course, this is only an excuse for the application to run in the background. Next, CovidLock Ransomware ought to ask for access to the device’s Accessibility feature, which might help the malicious application stay persistent. Eventually, users should be asked to allow the threat to gain administrator rights. By agreeing to grant them, victims end up enabling the malware to lock their devices’ screens. However, the malicious application should not lock the screen right away. At first, it ought to display a button called Activate. The description near this button says that by pressing it you will activate a feature that will alert you if a “coronavirus patient is near you.” This should raise suspicion, because governments do not announce COVID-19 patients’ names or their locations. Besides, those who test positive for the virus are usually isolated, so it is unlikely that you will run into a person in a public place who knows that he is carrying the virus.
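The three prompts described above correspond to entries an app has to declare in its manifest, so an APK can be screened before it is installed. The following is an added example, not code from the researchers or from the malware: it assumes the prompts map to the standard Android permissions named in the constants, that the manifest was decoded to plain XML beforehand (for example with apktool), and it uses a constructed sample manifest with placeholder names.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
BATTERY = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"
DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"

# Constructed sample manifest, not taken from a real sample; names are placeholders.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.tracker">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application android:label="Tracker">
    <service android:name=".Watcher"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".Admin"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>
"""

def audit_manifest(xml_text):
    """Return the risky capabilities a decoded manifest declares, keyed by kind."""
    root = ET.fromstring(xml_text.strip())
    findings = {}
    requested = {e.get(A + "name") for e in root.iter("uses-permission")}
    if BATTERY in requested:
        findings["battery_exemption"] = [BATTERY]
    # Components guarded by these permissions are what the system binds to
    # once the user enables the accessibility service or device admin.
    for tag, perm, kind in (("service", ACCESSIBILITY, "accessibility_service"),
                            ("receiver", DEVICE_ADMIN, "device_admin")):
        names = [e.get(A + "name") for e in root.iter(tag)
                 if e.get(A + "permission") == perm]
        if names:
            findings[kind] = names
    return findings

def matches_locker_pattern(findings):
    """True only when all three capabilities described above are present."""
    return {"battery_exemption", "accessibility_service", "device_admin"} <= set(findings)

if __name__ == "__main__":
    result = audit_manifest(SAMPLE_MANIFEST)
    for kind, items in result.items():
        print(f"{kind}: {', '.join(items)}")
    print("review before installing:", matches_locker_pattern(result))
```

Legitimate applications request each of these capabilities on its own, so a single finding is not a verdict; all three together in an app that only claims to show a map is the reason for a closer look.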
Sadly, if a user does not realize that it would be impossible to provide the alerts that Coronavirus Tracker offers and clicks the Activate button, his device should get locked. At the top of the screen, victims ought to see CovidLock Ransomware’s ransom note. It might claim that hackers have copied all their private data and will upload it to the Internet if users do not pay the ransom. The ransom note might also say that all private files were encrypted and can only be decrypted with the hackers’ assistance. As said earlier, some researchers who tested this threat say that their samples did not encrypt any data, which is why we believe that the hackers could be lying about copying files onto their server as well. If you believe they are lying too, we advise ignoring the malware’s ransom note.
Researchers found a password (4865083501) that ought to unlock devices locked by CovidLock Ransomware. If you have no other way to regain control of your device, we advise trying this code. If it works, we advise removing Coronavirus Tracker immediately to delete CovidLock Ransomware. Afterward, it is advisable to scan your device with a reliable security tool to confirm that the malicious application is really gone and to check whether there are any other threats.