Tatyana Shishkova, a malware analyst at Kaspersky, recently shared a tweet showcasing the fake app. She says that she downloaded it from a fake website imitating the Google Play Store. You can check out her tweet right below.
— Tatyana Shishkova (@sh1shk0va), December 16, 2020

Now, as you can see, Shishkova notes that it is a new Android ransomware app disguised as Cyberpunk 2077. The ransomware is called CoderWare, which is a variant of BlackKingdom. So, when unsuspecting users download the app thinking it is a legitimate game, it acts like other malware apps and takes the user's data hostage. Once the user's data is encrypted, they have to pay $500 (~Rs 36,915) in Bitcoin to decrypt it. Moreover, the user gets only 10 hours to pay the ransom. Otherwise, all the data will be permanently deleted.

Thankfully, Tatyana found a way to decrypt the data without paying the ransom. She mentions that there is a hardcoded decryption key in the CoderWare ransomware. You can check it out right below.
So, affected users can take this decryption key and use a decryptor to get back their files and data without paying a single buck.

Featured Image Courtesy: Tatyana Shishkova (@sh1shk0va)