Yet another ransomware virus for Android devices is here, appending the .AnubisCrypt file extension. The ransomware has been detected to pretend to be a legitimate barcode scanner app, but instead it begins to scan for to encrypt important files so that you can no longer open them on your computer. In case your mobile device has been infected by .AnubisCrypt files ransomware, we suggest that you read this article thoroughly.
.AnubisCrypt Files Virus
|Type||Ransomware for Android.|
|Short Description||Aims to encrypt the files on you Android device and ask you to pay ransom to get them back.|
|Symptoms||Files cannot be opened and they have the .AnubisCrypt file extension added to them.|
|Distribution Method||Via fake Barcode scanner app.|
|Detection Tool|| See If Your System Has Been Affected by .AnubisCrypt Files Virus |
Malware Removal Tool
|User Experience||Join our forum to Discuss El Gato Ransowmare.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
.AnubisCrypt Ransomware – How Did I Get It and How Does It Work
There is only one method via which this ransomware virus is spread. It may be replicated as a result of being advertised as an app that is a fake barcode scanner. The app in question looks like the following:
Be advised that if this app is blocked, crooks may switch to another app that may not yet be know, so be careful which apps you add to your phone.
Researchers have not yet established the encryption algorithm used by this ransomware, but one thing is for sure – it renders the following files on your smartphone to be no longer usable:
- Video files.
- Image files.
- App files.
Once the encryption process of this ransomware is done, the files on your smartphone will start to appear like the following:
In addition to this the situation may also be much worse for the important data on your phone as well. The main reason for that is that this ransomware appears to share a similar code with a known banking virus, called Anubis (detected as ANDROIDOS_ANUBISDROPPER(https://blog.trendmicro.com/trendlabs-security-intelligence/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics/). It’s main goal was to connect to a C&C server and related information from your phone to the cyber-criminals’ servers. This can result in any financial data on your phone, like PayPal, bank and other login names and passwords to be directly stolen. This is why if you have become a victim of the .AnubisCrypt ransomware, you should immediately focus on removing it.
Remove .AnubisCrypt Ransowmare from Your Android Device
For the removal of this app, a simple uninstall won’t cut it. You will need to make sure that your phone is clear from any malware, and your phone also need to be protected against any infections in the future, too. The .AnubisCrypt ransomware virus should be fully gone with all its files and objects. We strongly advise that you move all your contacts and files to a computer, where you can try to fix them when a decrypter for AnubisCrypt comes out. Until then, you can simply do a hard reset of your device and change all your financial information and passwords used for all your apps.