As if the continuing spread of coronavirus was not enough to contend with, cybercriminals have been taking advantage of the concern and panic to try to extract money from people. Just a couple of days ago, we wrote about the CovidLock ransomware – a malicious Android app pretending to be a coronavirus tracker.
The ransomware was discovered by DomainTools, and the researchers at the security firm promised they would release the decryption key free of charge as soon as they had managed to reverse engineer CovidLock. And now the decryption key has been released.
DomainTools was successful in its attempt to reverse engineer the ransomware and found that a decryption key was hardcoded in CovidLock. The group says that it is not clear whether or not this is the one and only decryption key that works, or if it is the one that is sent out to victims who agree to pay the ransom, but the point is that it works.
Security firm ESET tweeted about the discovery, sharing the good news with Twitter users:
#ESETresearch ALERT: #COVID19 #Android #Ransomware: If you installed malicious Coronavirus Tracker app that locked your smartphone and requested ransom, use “4865083501” code to unlock it. Key is hardcoded. @LukasStefanko Details: https://t.co/6fIm5STFIU pic.twitter.com/ojkRkGznPN (March 17, 2020)
Data decryption for free
Since our original story, DomainTools has now published a technical write-up about the CovidLock ransomware. In it, the company notes that, having monitored the relevant Bitcoin wallet, there is currently no indication that anyone has paid the ransom, so the cybercriminals behind the tool have failed to profit.
So, as both DomainTools and ESET note, if you were unlucky enough to fall victim to the CovidLock ransomware, the code you need to enter is 4865083501. Type in these digits and you should find that your data is unlocked and available to you without the need for you to part with a $100 Bitcoin payment.