Remove El Gato Android Ransomware and Restore Locked Devices - How to, Technology and PC Security Forum |

Remove El Gato Android Ransomware and Restore Locked Devices

el-gato-ransomware-cat-senoststechforumAn orange cat making a funny face this is what victims of El Gato (cat) ransomware see when their Android phones have been infected by this virus. McAfee labs researchers from its mobile division have seen that this virus’ is controlled remotely and it aims to make an android device no longer to be useful unless the victim pays a provided ransom payment. In addition to this El Gato has also been reported to have an infostealing ability allowing it to steal text messages and other information. In case you have been infected by El Gato ransomware, we strongly advise you to read this article thoroughly and learn how to clear your device from El Gato ransomware and try to get your files back.

Threat Summary


El Gato

TypeAndroid Malware/ Lockscreen/Ransowmare
Short DescriptionThe El Gato Android ransomware locks the files of Android devices, displays a lockscreen, steals information and may send SMS from it.
SymptomsLocked screen displaying a cat.
Distribution MethodMalicious third-party apps or malicious URLs.
Detection Tool See If Your System Has Been Affected by El Gato


Malware Removal Tool

User ExperienceJoin our forum to Discuss El Gato Ransowmare.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

El Gato – How Does It Spread

So far, El Gato is in early stages of development and researchers have spotted it, which means that it is less likely to spread massively yet. However, if it is to be widespread, this may happen via several different methods:

  • Malicious URLs opened on the device’s web browser.
  • Malicious apps installed from a third-party app provider other than Google Play store.

El Gato Ransomware – More Information

Upon infection, El Gato ransomware, may perforom several malicious activities on the device. For starters, the virus connects remotely to the cyber-criminals’ C&C servers. From there, they assume a remote-control like access enabling them to use the many features of the El Gato virus.

One of its “extras” is primarily associated with locking the screen of users and possibly displaying an image of a funny and cute cat. However, there is nothing cute about this virus. The access can be blocked by adding a lockscreen to the device which can be done by modifying the screensaver.

Not only this, but the creators of El Gato ransomware also have the ability to steal information from the infected device. They can obtain text messages, system information, contact information.

Besides stealing such I formation, DigitalTrends researchers report that El Gato virus also has the capability of sending text messages from it’s victims phones.

Besides those, probably the worst feature of the phone is that it may eventually pose a grave threat to your data as well. The El Gato virus has the ability to encrypt user files as well, making decryption that is direct almost impossible.

After encryption, the El Gato virus may generate a randomly made password, different for every infection and the attacker may demand a different payment and methods of payment, for example 1 BTC via Tor networking or payment via SMS to a remotely operated and automated short messaging service.

Remove El Gato Ransowmare from Your Android Device

Removing this virus may be a tricky thing, especially if it has encrypted your files. This is why we advise you to try and enter the safe mode of your phone, connect it to a computer and copy the files onto it. In case the files on your phone are encrypted and important to you, you should first determine the type of encryption algorithm used. Then use the appropriate decryptor.

We have prepared the instructions below that will surely help you to get rid of this ransomware from your device. We strongly advise you to try and access your files and copy them somewhere else before attempting this removal.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share