Categories

How to remove CryEye virus from Android (Ransomware)

  • Posted by Sean Doyle
  • Updated
  • 2 min

What is CryEye?

CryEye is a file extension used by dangerous ransomware called DoubleLocker that infects Android phones. The ransomware locks your phone’s data, encrypt files, appends the .cryeye file extension to the end of files, changes the PIN to access the phone, and shows a screen-locker that says “Your personal files are encrypted!”

cryeye file

Once the “CryEye virus” has encrypted files and appended the .cryeye extension to the end of files it will display the ransom note. The ransom note explains what happened to your files and how to pay the ransom to decrypt them. It gives you 24 hours to pay 0.0130 Bitcoin (about $73.38 at this time) to decrypt your data. However, it is just a threat. If the ransom is not paid, the data will remain encrypted and will not be deleted from device.

cryeye

Here’s an example from the ransom note shown on the lock-screen:

Current state information

Your personal documents and files on this device have just been crypted. The original files have been deleted and will only be recovered by following the steps described below. The encryption was done with a unique generated encryption key (using AES-256).

Your personal files are encrypted!

To decrypt files you need to obtain the private key. This means the encrypted files are of no use until the get decrypted using a private key stored on a server.

CryEye ransomware is typically spread by rogue apps that are promoted on third-party websites and in Google Play Store. In the most recent campaign, the ransomware was spread via a fake Adobe Flash Player app bolstered by a third-party website. The app has since been removed by Google. It is important to avoid installing rogue apps or Adobe Flash Player apps of any kind (legitimate or not – you don’t need them).

This page explains how to remove CryEye ransomware that appends the .cryeye extension to files and changes your phone’s PIN number.

How to remove CryEye

The only realistic way to remove CryEye from your Android phone is to perform a factory reset.

There is a method to get past the PIN lock without a factory reset for rooted devices. However, for the method to work, the device needed to be in the debugging mode before the ransomware got activated.

To avoid future infections it is recommended to install Malwarebytes for Mobile to protect your phone from malware, adware, and ransomware automatically.

Written by

Sean Doyle

Sean is a distinguished tech author and entrepreneur with over 20 years of extensive experience in cybersecurity, privacy, malware, Google Analytics, online marketing, and various other tech domains. His expertise and contributions to the industry have been recognized in numerous esteemed publications. Sean is widely acclaimed for his sharp intellect and innovative insights, solidifying his reputation as a leading figure in the tech community. His work not only advances the field but also helps businesses and individuals navigate the complexities of the digital world.

More Reading

Post navigation

Leave a Comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.