Ransomware in Cyberpunk 2077

With not even an month since the launch of Cyberpunk 2077  for Windows and consoles, we find “beta version for Android” all over the internet. It was completely free to download from a site bearing the name cyberpunk2077mobile[.]com. But the actual game developer has yet to announce any mobile version of the game, so we decided to find what’s behind it.


Cyberpunk 2077 for mobile? No, it’s ransomware!

The mobile version of the website looks nothing like the official website of Cyberpunk 2077— it looks more like Google Play, indeed. Its developers say that the beta version was released on the same day as the official release, and was downloaded about 1,000 times (at the time of this post). Some users had also left comments, claiming it wasn’t terrible for a beta version.


Image Credit : Kaspersky

The website listed 3.4 GB as the size of the game but a file less than 3MB was downloaded. When the game was launched initially, the fake beta requests access to storage on the device. Technically, an app might need some file access to save or open something like save game or snapshots, but no game needs your photos and videos just to load. The app was designed in such a way that it won’t run without the permissions.

When the user gives permission, they will see a ransom demand notice and not the expected result.


Image Credits : Kaspersky

All the files of the user has been encrypted and it asks the user a ransom of $500 in bitcoin within 24 hours. (Or 10 hours. The ransom note mentions both periods.). The notice also says if the victim fails to pay the demand on time, the malware will permanently erase everything.

It also warns that any attempt to remove the ransomware will result in the loss of files permanently.


So what happens when files get encrypted?

When we check the files we noticed that the files were encrypted and assigned the extension .coderCrypt. We also saw a new text file named README which had the same notice.


Image Credits : Kaspersky

But we were able to recover the files, That’s because the malware uses the RC4 symmetric encryption algorithm. The symmetric part means the same key both encrypts and decrypts the files. RC4 in quite common, it is possible to recover the files for yourself, for example, by using an online RC4 decryption service.


Same ransomware on windows too


Image Credits : Kaspersky

A similar kind of ransomware for windows is also present and targeting vulnerable people. Unlike android it’s quite difficult to decrypt the files. But then this question arises, then should I pay the ransom?

Paying the ransom has no guarantee that your files will be recovered. Over $10000 have been sent to cybercriminal’s wallets in form of bitcoins and yet some people’s files are unrecovered. So we strongly advice not to pay the ransom.

And we have come to the end of the article. To learn more about cybercrimes and cybersecurity comment down below the topic you wish to see. Follow us on our socials and have a great day!

[showhide type=”pressrelease”]Cyberpunk 2077, software bug, xbox one x cyberpunk, cyberpunk 1.05, cd project, romance cyberpunk 2077, cybercrime, ransomeware, cyberpunk 2077 ransomeware, malware, cyberpunk 2077 malware, antivirus[/showhide]

Kevin Joe Harris

Tech enthusiast who loves to share his knowledge and express his thoughts!

Leave a Reply

Your email address will not be published. Required fields are marked *