Home > Mobile Threats > Android > .AnubisCrypt Files (Android Ransomware) – WHAT IS IT + Remove It

.AnubisCrypt Files (Android Ransomware) – WHAT IS IT + Remove It

What are .AnubisCrypt files? What is .AnubisCrypt ransomware? How to remove .AnubisCrypt ransomware from Android? How to try and get back .AnubisCrypt files?

Yet another ransomware virus for Android devices is here, appending the .AnubisCrypt file extension. The ransomware has been detected to pretend to be a legitimate barcode scanner app, but instead it begins to scan for to encrypt important files so that you can no longer open them on your computer. In case your mobile device has been infected by .AnubisCrypt files ransomware, we suggest that you read this article thoroughly.

Threat Summary


.AnubisCrypt Files Virus

Type Ransomware for Android.
Short Description Aims to encrypt the files on you Android device and ask you to pay ransom to get them back.
Symptoms Files cannot be opened and they have the .AnubisCrypt file extension added to them.
Distribution Method Via fake Barcode scanner app.
Detection Tool See If Your System Has Been Affected by malware


Malware Removal Tool

User Experience Join our forum to Discuss El Gato Ransowmare.
Data Recovery Tool Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.AnubisCrypt Ransomware – How Did I Get It and How Does It Work

There is only one method via which this ransomware virus is spread. It may be replicated as a result of being advertised as an app that is a fake barcode scanner. The app in question looks like the following:

Image Source: Lukas Stefanko – https://twitter.com/LukasStefanko/status/1115246474168868864

Be advised that if this app is blocked, crooks may switch to another app that may not yet be know, so be careful which apps you add to your phone.

Researchers have not yet established the encryption algorithm used by this ransomware, but one thing is for sure – it renders the following files on your smartphone to be no longer usable:

  • Documents.
  • Video files.
  • Image files.
  • App files.

Once the encryption process of this ransomware is done, the files on your smartphone will start to appear like the following:

Image Source: Lukas Stefanko – https://twitter.com/LukasStefanko/status/1115246474168868864

In addition to this the situation may also be much worse for the important data on your phone as well. The main reason for that is that this ransomware appears to share a similar code with a known banking virus, called Anubis (detected as ANDROIDOS_ANUBISDROPPER(https://blog.trendmicro.com/trendlabs-security-intelligence/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics/). It’s main goal was to connect to a C&C server and related information from your phone to the cyber-criminals’ servers. This can result in any financial data on your phone, like PayPal, bank and other login names and passwords to be directly stolen. This is why if you have become a victim of the .AnubisCrypt ransomware, you should immediately focus on removing it.

Remove .AnubisCrypt Ransowmare from Your Android Device

For the removal of this app, a simple uninstall won’t cut it. You will need to make sure that your phone is clear from any malware, and your phone also need to be protected against any infections in the future, too. The .AnubisCrypt ransomware virus should be fully gone with all its files and objects. We strongly advise that you move all your contacts and files to a computer, where you can try to fix them when a decrypter for AnubisCrypt comes out. Until then, you can simply do a hard reset of your device and change all your financial information and passwords used for all your apps.

Ventsislav Krastev

Ventsislav is a cybersecurity expert at SensorsTechForum since 2015. He has been researching, covering, helping victims with the latest malware infections plus testing and reviewing software and the newest tech developments. Having graduated Marketing as well, Ventsislav also has passion for learning new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management, Network Administration and Computer Administration of System Applications, he found his true calling within the cybersecrurity industry and is a strong believer in the education of every user towards online safety and security.

More Posts - Website

Follow Me:

Preparation before removal of malware.

Before starting the actual removal process, we recommend that you do the following preparation steps.

  • Turn off your phone until you know how bad is the virus infection.
  • Open these steps on another, safe device.
  • Make sure to take out your SIM card, as the virus could corrupt it in some rare cases.

Step 1: Shut Down your phone to win some time

Shutting down your phone can be done by pressing and holding its power button and choosing shut down.

In case the virus does not let you do this, you can also try to remove the battery.

In case your battery is non-removable, you can try to drain it as fast as possible if you still have control over it.

Notes: This gives you time to see how bad the situation is and to be able to take out your SIM card safely, without the numbers in it to be erased. If the virus is on your computer, it is espeically dangerous to keep the sim card there.

Step 2: Turn on Safe Mode of your Android device.

For most Android devices, switching to Safe Mode is the same. Its done by following these mini-steps:

1.Turn on your device and hold the power button until you see the following menu:

2.Tap on Safe Mode Icon to reset your phone to Safe Mode, like shown below:

3.When you turn on your phone, you will see the letters “Safe Mode” written on the side, bottom or other corners of the screen. Your phone will also be in Airplane mode. This will help avoid any viruses communicating with the hacker.

Step 3: Eliminate the App that Your Believe is the Virus

Usually Android viruses get masked in the form of applications. To eliminate apps, follow these mini-steps:

1.Swipe down from the top of your phone and locate the Settings symbol and tap on it.

2.When you open the Settings menu, you should be able to locate the control center of all your App Permissions. It should look something like the following:

3.Now if you know which the virus or adware app is, you should locate it and tap on it:

4.When you enter the app, you will see two options – to Force Stop it and to Uninstall it. Make sure to first Force Stop it so that your phone is safe from any tripwire tactics of the app that may destroy it an then tap on Uninstall to remove it.

5.Now if you are sure that the virus or adware app is removed, you can hold the Power button and tap on Restart:

Step 4: Find Hidden Virus Files on Your Android Phone and Remove Them

1.To find hidden files manually (In case you know where the virus files are), you can use Safe Mode to go to where your Files are actually located. Usually, this is a folder, named “My Files” or something approximate to this:

2.There you should be able to locate all of your files and all of the folders:

Simply locate the virus and hold-tap on the virus file to delete it.

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree