.CryEye (DoubleLocker) Files Virus – How to Remove + Restore Data

This article aims to show you how to erase CryEye ransomware from your Android device and how to restore files that have been encrypted by this virus.

Android ransomware is gaining popularity, with new variants continuing to be detected. One such virus is the CryEye ransomware, which encrypts the files on your Android device and adds the .cryeye file extension to them. This is most likely one of the first more serious ransomware viruses which we have detected to use the AES cipher effectively. CryEye ransomware demands a ransom payment of 0.0130 BTC to the cyber-criminals, and the payment must be made in approximately 24 hours, or else the cyber-criminals threaten to delete the decryption keys. If your Android smartphone or tablet has been infected by CryEye ransomware, we strongly recommend that you read the following article to learn how to remove this ransomware and try to recover your files without paying Bitcoin to the cyber-criminals.

Threat Summary

Name: CryEye Ransomware
Type: Android Ransomware, Cryptovirus
Short Description: Installs itself on your Android device and locks you out of it, encrypts files and demands a 0.0130 BTC ransom payoff to decrypt them for you.
Symptoms: The virus adds a .cryeye file extension to the encrypted files and, in addition to this, locks you out of your phone by changing your PIN code.
Distribution Method: Malicious web links and smartphone redirects. Malicious apps installed from Google Play.

CryEye Ransomware Spread

In order to infect victims, this ransomware virus may advertise suspicious apps via websites, via adware that has previously affected your Android device, or, most often, via apps downloaded from the Google Play Store. Such apps have also been reported to cause numerous issues, since there are too many apps in the Google Play Store to be thoroughly checked. And while some of those applications are legitimate, they may establish a connection to a malicious website after you install them and give them permissions to do just that. After doing so, you lose control over your Android device. One way to protect yourself at least partially from those infection methods is to use a VPN service which blocks apps, like DNS66, for example.

CryEye Ransomware – More Information

DoubleLocker, or CryEye ransomware, is an Android ransomware which locks down the devices of victims. This virus has many capabilities, the primary of which is to gain permissions on your Android device.

As soon as the device is infected, the malware immediately modifies the .apk file on it that is responsible for the PIN code and changes the default PIN, thus locking you out of your own smartphone. The lock screen is replaced with the following screen, which displays this message:

CryEye Ransomware – Encryption

When it comes to the encryption process of CryEye ransomware, the virus performs multiple different types of activities on the victims' devices. The main one of those activities is to locate the files. To do this, the virus scans for files with file extensions associated with the following file types:

  • Documents.
  • Videos.
  • Audio files.
  • Pictures.
  • Archives.

In addition to this, the ransomware virus also changes the file extension to .cryeye. This makes the files appear like the following example:

Image.jpg.cryeye

The files are also encrypted via the AES-256 encryption algorithm, which results in them no longer being able to be opened. An asymmetric key is generated which is used for the decryption of the files, and it is known only to the cyber-criminals.
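As an added example (not part of the original article), the renaming scheme above can be used to triage a copy of the device storage once it has been backed up to a computer: the Python script below lists every .cryeye file, recovers its original name, and checks whether the file signature of the original format is still present, which would suggest the file was only renamed. The extension-to-signature table and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

SUFFIX = ".cryeye"  # extension the article says is appended (Image.jpg.cryeye)

# Assumed sample of extensions for the categories the article names, with the
# (offset, signature) an intact file of that type is expected to carry.
SIGNATURES = {
    ".jpg": ("pictures", 0, b"\xff\xd8\xff"),
    ".png": ("pictures", 0, b"\x89PNG\r\n\x1a\n"),
    ".pdf": ("documents", 0, b"%PDF"),
    ".zip": ("archives", 0, b"PK\x03\x04"),
    ".mp4": ("videos", 4, b"ftyp"),
    ".mp3": ("audio", 0, b"ID3"),  # ID3-tagged MP3 only
}

def triage(root):
    """Walk a copy of device storage and report every *.cryeye file by category."""
    report = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SUFFIX):
                continue
            original = name[: -len(SUFFIX)]
            ext = os.path.splitext(original)[1].lower()
            category, offset, magic = SIGNATURES.get(ext, ("other", 0, b""))
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                fh.seek(offset)
                head = fh.read(len(magic))
            # Signature still present: the content was probably only renamed.
            intact = bool(magic) and head == magic
            report[category].append((original, os.path.getsize(path), intact))
    return dict(report)

def demo():
    """Build a constructed sample tree in a temp directory and triage it."""
    samples = {
        "DCIM/Image.jpg.cryeye": bytes(range(64)),  # stand-in for ciphertext
        "DCIM/holiday.png.cryeye": b"\x89PNG\r\n\x1a\n" + b"\0" * 8,  # renamed only
        "notes.pdf.cryeye": bytes(range(64)),
        "readme.txt": b"untouched",
    }
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "DCIM"))
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return triage(root)

if __name__ == "__main__":
    for category, items in demo().items():
        print(category, items)
```

Run it against the backup copy, not the device itself; a missing signature is consistent with encryption but does not prove it.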

Remove CryEye Ransomware and Restore Your Files

If you want to remove this virus, we recommend that you follow the removal instructions below and choose the model of your smartphone. In addition to this, we also recommend that you plug the device into your computer and use the alternative methods below to attempt to recover the files that have been encrypted with the .cryeye file extension. Be advised to always perform a backup before the actual removal.

1. Back up the data on your device
2. Hard-reset your device and remove CryEye Ransomware
3. Restore missing or corrupt files using special file restoration software

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
