Cybercriminals are disguising ransomware as a beta version of Cyberpunk 2077 for Android.
No more readily was Cyberpunk 2077 on the rampage for Windows and soothes than we came through a “beta version for Android” online. It was entirely free to download from a site comportment the name cyberpunk2077 mobile[.]com. The fixture’s definite designer
has yet to declare any mobile version of the game, so we definite to scrutinize.
Cyberpunk 2077 for Android? No, it’s ransomware
The website for the supposed mobile version appears nothing like Cyberpunk 2077‘s official site — it expressions additional like Google Play, in reality. Its initiator’s entitlement the beta version was unconstrained on the same day as the indorsed relief, and (at the time of this post) had been downloaded about 1,000 times. Some of the consumers had even left comments, proverb it wasn’t wicked for a beta version.
Though the website lists the app’s size at 3.4GB, the file is less than 3MB. Did the inventors also generate certain types of innovative firmness technology on the side? Not likely.
Affecting sideways, on its preliminary run, the bogus beta demands entree to documents on the device. In notion, an app might essential few files admission to protect or open approximately, but no game needs your photos and videos just to load. Though, this app will not run without authorization.
If user endowments that consent, however, they will see a ransom demand, not the game they wanted.
The communication is in somewhat twisted English, and it notifies the target that all of their selfies and other significant documents are now converted. To recuperate them, the cyber criminals request $500 in bitcoin within 24 hours. (Or 10 hours. The payment note indications both stages.) Anyway, the note endures, if the object doesn’t convey the money in time, the malware will lastingly rub out the whole thing.
According to the note, any effort to eliminate the ransomware will be pointless and outcome in the defeat of the files.
Are the encrypted files recoverable?
We tested to realize what actually occurs to the files on an infected device. The files are undeniably scrambled and allocated the postponement. coderCrypt. In addition to that, the malware places a README.txt file, holding the equal ransom note, in each folder.
Though, the records are recoverable. That’s since the malware uses the RC4 symmetric encryption algorithm. The symmetric part means the same key both encrypts and decrypts the documents. In such a case, the key was hard-coded into the app, and in all of the samples that we come across, it was this: 21983453453435435738912738921.
Since RC4 is fairly shared, it is likely to recover the records by hand, for example, by using an online RC4 decryption provision or contacting our operator care team. What’s more, at least for the version of the malware we examined, the 10- (or 24-) hour time limit is absolutely unconnected. The ransomware won’t remove whatever after a time — its code contains no such function.
Even so, equivalent a copy of the encrypted records before make an effort to reinstate them is value your time, in the matter, the retrieval function flops.
Cyberpunk 2077 ransomware: Windows version
Unfortunately, records encoded by ransomware are not continuously easy to recuperate. For example, the authors of the forged Data. Cyberpunk 2077 for Android is also allocating ransomware for Windows disguised as the same game. In that case, however, the key is not hard-coded into the app but erratically spawned for each infection case, so victims have no easy way to decrypt affected files.
Should you pay up?
At the time of this lettering, more than $8,000 in bitcoin had been moved to the cybercriminals’ wallet. Meanwhile, file recovery is in no way guaranteed. The ransomware makers might merely vanish with the money or, finding targets willing to pay, demand more. Therefore, we intensely counsel against paying the ransom.
Kaspersky specialists assist ransomware sufferers by learning malicious code and discovering ways to decrypt files — in other words, we write free decryptors. You can catch many of them on the NoMoreRansom website, formed particularly to security such attacks, or on our support website. If you do get hit by ransomware, make those means your first port of call. Even if no decryptor occurs for your particular problem yet, it is possible, even likely, that one will appeHow to stay safe from ransomware
The best tip, clearly, is to escape ransomware in the first place — even ransomware temptingly disguised as a popular game. To defend yourself, detecting basic digital hygiene may avail.
Download apps only from authorized stores or from the developer’s certified website.
Scan for news of beta versions, releases, and upgrades on the developer’s website. If the developer has no evidence, or the game is not formally out yet, whatever else is fake.
Use a dependable security solution on all strategies to catch malware before it can do any harm. For example, our products nail the fake–Cyberpunk 2077 ransomware for Android with the verdict HEUR: Trojan-Ransom.AndroidOS.Agent. bs, and the version for Windows as Trojan-Ransom.Win32.Alien. ao.
Back up main files so you can recover them promptly in case of harm or damage.
We truly care about our users and our product.