At the same time as Cyberpunk 2077 came out, a website that looked like Google Play appeared. This one claims to make available a beta version of the game for Android. It is actually ransomware. Fortunately, the decryption key has already been found and allows you to easily regain access to its files.
It didn’t take long to see fake versions of Cyberpunk 2077 appear. With 13 million copies sold just days after release, the game is a real success despite the many criticisms of which it is the subject. A golden opportunity, therefore, for hackers around the world to deploy their malware. While the PS5 and Xbox Series X versions won’t be released until the end of 2021, one site already offers an alleged Android version Game.
This is obviously a fake. Right now, and certainly for a very long time to come, the only way to play Cyberpunk 2077 on Android is through Stadia. The deception is also quickly revealed once you arrive on the site: it does not look anything like the official Cyberpunk 2077 page. On the contrary, the developers have opted for a copy of Google Play. However, we can see that more than 1000 people have already downloaded the application, probably reassured by thefalse positive comments deposited on the site.
Android version of Cyberpunk 2077 does not exist, it is ransomware
Hackers have left nothing to chance to fool their victims. The page displays as well as the download file weighs 3.4 GB, a significant figure for Android application, but which seems credible with regard to the content of Cyperbunk 2077. This is ultimately not the case, since the file actually weighs 3 MB. If, at this stage, doubts are clearly permitted as to the reliability of the application, they are definitively confirmed when it request access to photos and videos of the smartphone.
In case of acceptance by the user, the sentence falls and the application reveals its true ransomware identity. The files contained in the phone are then fully encrypted and display the extension .coderCrypt. A README.txt file is added to each folder and, once opened, indicates that the only solution to regain access to its data is to pay a ransom of $ 1000 in Bitcoin. Fortunately, there are ways to get by without paying a dime.
To encrypt the files of their victims, hackers use a RC4 symmetric encryption algorithm. In other words, it is about the same key that encrypts and decrypts files. In this specific case, security experts have already found the key in question: 21983453453435435738912738921. In addition, it was discovered that the time limit imposed by hackers, between 10 and 24 hours, is actually a false alarm, since the malware does not delete the files present on the smartphone. However, it is best to make a copy of the encrypted files before the restore, in case the restore fails.
Be careful, a fake PC version also exists
The hackers behind the fake Android version of Cyberpunk 2077 have also developed a PC version based on the same principle. However, this one turns out more restrictive for the victim because, unlike the Android version, the encryption key is not located within the application itself. In other words, she is generated randomly with each infection, which makes the experts’ work of decryption much more difficult.
Read also: Cyberpunk 2077 – unrealistic deadlines, excess, arrogance … 20 employees tell the story of development hell
More than $ 8000 in Bitcoin have already been paid to cybercriminals. However, victims are not guaranteed to regain access to their files. Hackers have the possibility of disappearing after having obtained the ransom or, even worse, to outbid the threat in the face of their distress. This is why it is strongly advised against paying any ransom demand.
In addition, there are free and online tools to help you decrypt your encrypted files if you download ransomware. One of them is NoMoreRansom, designed specifically to fight against these kinds of attacks. If by bad luck no decryption key was found for your specific situation, it may appear on these platforms after some time. Of course, it is above all necessary to be careful with files downloaded from the internet.
Source: Kaspersky
