.CryEye (DoubleLocker) Files Virus – How to Remove + Restore Data

This article aims to show you how to erase CryEye ransomware from your Android device and how to restore files that have been encrypted by this virus.

Android ransomware is gaining popularity with newer and newer variants continuing to be detected. One such virus is the CryEye ransomware which encrypts the files on your Android device and adds the .cryeye file extension to them. The is most likely one of the first more serious ransomware virus which we have detected to use the AES cipher effectively. CryEye ransomware demands a ransom payment of 0.0130 BTC to cyber-criminals and the payment must be made in approximately 24 hours else the cyber-criminals threaten to delete the decryption keys. If you Android smartphone or tablet has been infected by CryEye ransomware we strongly recommend that you immediately read the following article to learn how to remove this ransomware and try to recover your files without paying BitCoins to the cyber-criminals.

Threat Summary

Name CryEye Ransomware
Type Android Ransomware, Cryptovirus
Short Description Installes itself on your android device and locks you out of it, encrypting files and demands 0.0130 BTC ransom payoff to decrypt them for you.
Symptoms The virus adds a .cryeye file extension to the encrypted files and in addition to this locks you out of your phone by changing your PIN code.
Distribution Method Malicious web links and smartphone redirects. Malicious apps installed from Google Play.
Detection Tool See If Your System Has Been Affected by malware


Malware Removal Tool

User Experience Join Our Forum to Discuss CryEye Ransomware.
Data Recovery Tool Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

CryEye Ransomware Spread

In order to infect victims, this ransowmare virus may advertise suspicious apps via websites, via adware that has previously affected your Android, or most ofte via apps downloaded from Google PlayStore. Such apps have also been reported to cause numerous issues since in Google PlayStore there are too many apps to be thoroughly checked. And while there are those applications that are legitimate, they may establish connection to a malicious website, after you install them and give them permissions to do just that. After doing so, you lose control over your Android device. One way to protect yourself at least partially from those infection methods is to use a VPN service which blocks apps, like DNS66, for example.

Related Story: How to Fully Block All Ads on Your Android Device Using DNS66 (2017)

CryEye Ransomware – More Information

DoubleLocker or CryEye ransomware is an Android ranosomware which locks down the devices of victims. This virus has many capabilities, the primary of which is to gain permissions on your Android device.

As soon as the device is infected, the malware immediately modifies the .apk file on it, responsible for the PIN code and changes the default PIN, thus locking you out of your own smartphone. The lockscreen is replaced with the following screen, resulting in this message to appear:

CryEye Ransomware – Encryption

When it comes to the encryption process of CryEye ransomware, the virus aims to perform multiple different types of activities on the victims’ computers. The main of those activities is to locate the files. To do this, the virus scans for files with file extensions, associated with the following file types:

  • Documents.
  • Videos.
  • Audio files.
  • Pictures.
  • Archives.

In addition to this, the ransomware virus is also the type of infection that changes the file extension to .cryeye. This makes the files appear like the following example:


The files are also encrypted via AES-256 encryption algorithm, resulting in them becoming no longer able to be opened. An assymetric key is generated which is used for the decryption of the files and it is known only to the cyber-criminals.

Remove CryEye Ransomware and Restore Your Files

If you want to remove this virus, we recommend you to follow the instructions down below.


Ventsislav Krastev

Ventsislav is a cybersecurity expert at SensorsTechForum since 2015. He has been researching, covering, helping victims with the latest malware infections plus testing and reviewing software and the newest tech developments. Having graduated Marketing as well, Ventsislav also has passion for learning new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management, Network Administration and Computer Administration of System Applications, he found his true calling within the cybersecrurity industry and is a strong believer in the education of every user towards online safety and security.

More Posts - Website

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Stay tuned
Subscribe for our newsletter regarding the latest cybersecurity and tech-related news.