Home > Mobile Threats > Android > Remove El Gato Android Ransomware and Restore Locked Devices

Remove El Gato Android Ransomware and Restore Locked Devices

el-gato-ransomware-cat-senoststechforumAn orange cat making a funny face this is what victims of El Gato (cat) ransomware see when their Android phones have been infected by this virus. McAfee labs researchers from its mobile division have seen that this virus’ is controlled remotely and it aims to make an android device no longer to be useful unless the victim pays a provided ransom payment. In addition to this El Gato has also been reported to have an infostealing ability allowing it to steal text messages and other information. In case you have been infected by El Gato ransomware, we strongly advise you to read this article thoroughly and learn how to clear your device from El Gato ransomware and try to get your files back.

Threat Summary


El Gato

Type Android Malware/ Lockscreen/Ransowmare
Short Description The El Gato Android ransomware locks the files of Android devices, displays a lockscreen, steals information and may send SMS from it.
Symptoms Locked screen displaying a cat.
Distribution Method Malicious third-party apps or malicious URLs.
Detection Tool See If Your System Has Been Affected by malware


Malware Removal Tool

User Experience Join our forum to Discuss El Gato Ransowmare.
Data Recovery Tool Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

El Gato – How Does It Spread

So far, El Gato is in early stages of development and researchers have spotted it, which means that it is less likely to spread massively yet. However, if it is to be widespread, this may happen via several different methods:

  • Malicious URLs opened on the device’s web browser.
  • Malicious apps installed from a third-party app provider other than Google Play store.

El Gato Ransomware – More Information

Upon infection, El Gato ransomware, may perforom several malicious activities on the device. For starters, the virus connects remotely to the cyber-criminals’ C&C servers. From there, they assume a remote-control like access enabling them to use the many features of the El Gato virus.

One of its “extras” is primarily associated with locking the screen of users and possibly displaying an image of a funny and cute cat. However, there is nothing cute about this virus. The access can be blocked by adding a lockscreen to the device which can be done by modifying the screensaver.

Not only this, but the creators of El Gato ransomware also have the ability to steal information from the infected device. They can obtain text messages, system information, contact information.

Besides stealing such I formation, DigitalTrends researchers report that El Gato virus also has the capability of sending text messages from it’s victims phones.

Besides those, probably the worst feature of the phone is that it may eventually pose a grave threat to your data as well. The El Gato virus has the ability to encrypt user files as well, making decryption that is direct almost impossible.

After encryption, the El Gato virus may generate a randomly made password, different for every infection and the attacker may demand a different payment and methods of payment, for example 1 BTC via Tor networking or payment via SMS to a remotely operated and automated short messaging service.

Remove El Gato Ransowmare from Your Android Device

Removing this virus may be a tricky thing, especially if it has encrypted your files. This is why we advise you to try and enter the safe mode of your phone, connect it to a computer and copy the files onto it. In case the files on your phone are encrypted and important to you, you should first determine the type of encryption algorithm used. Then use the appropriate decryptor.

We have prepared the instructions below that will surely help you to get rid of this ransomware from your device. We strongly advise you to try and access your files and copy them somewhere else before attempting this removal.

Ventsislav Krastev

Ventsislav is a cybersecurity expert at SensorsTechForum since 2015. He has been researching, covering, helping victims with the latest malware infections plus testing and reviewing software and the newest tech developments. Having graduated Marketing as well, Ventsislav also has passion for learning new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management, Network Administration and Computer Administration of System Applications, he found his true calling within the cybersecrurity industry and is a strong believer in the education of every user towards online safety and security.

More Posts - Website

Follow Me:

Preparation before removal of malware.

Before starting the actual removal process, we recommend that you do the following preparation steps.

  • Turn off your phone until you know how bad is the virus infection.
  • Open these steps on another, safe device.
  • Make sure to take out your SIM card, as the virus could corrupt it in some rare cases.

Step 1: Shut Down your phone to win some time

Shutting down your phone can be done by pressing and holding its power button and choosing shut down.

In case the virus does not let you do this, you can also try to remove the battery.

In case your battery is non-removable, you can try to drain it as fast as possible if you still have control over it.

Notes: This gives you time to see how bad the situation is and to be able to take out your SIM card safely, without the numbers in it to be erased. If the virus is on your computer, it is espeically dangerous to keep the sim card there.

Step 2: Turn on Safe Mode of your Android device.

For most Android devices, switching to Safe Mode is the same. Its done by following these mini-steps:

1.Turn on your device and hold the power button until you see the following menu:

2.Tap on Safe Mode Icon to reset your phone to Safe Mode, like shown below:

3.When you turn on your phone, you will see the letters “Safe Mode” written on the side, bottom or other corners of the screen. Your phone will also be in Airplane mode. This will help avoid any viruses communicating with the hacker.

Step 3: Eliminate the App that Your Believe is the Virus

Usually Android viruses get masked in the form of applications. To eliminate apps, follow these mini-steps:

1.Swipe down from the top of your phone and locate the Settings symbol and tap on it.

2.When you open the Settings menu, you should be able to locate the control center of all your App Permissions. It should look something like the following:

3.Now if you know which the virus or adware app is, you should locate it and tap on it:

4.When you enter the app, you will see two options – to Force Stop it and to Uninstall it. Make sure to first Force Stop it so that your phone is safe from any tripwire tactics of the app that may destroy it an then tap on Uninstall to remove it.

5.Now if you are sure that the virus or adware app is removed, you can hold the Power button and tap on Restart:

Step 4: Find Hidden Virus Files on Your Android Phone and Remove Them

1.To find hidden files manually (In case you know where the virus files are), you can use Safe Mode to go to where your Files are actually located. Usually, this is a folder, named “My Files” or something approximate to this:

2.There you should be able to locate all of your files and all of the folders:

Simply locate the virus and hold-tap on the virus file to delete it.

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree