Click on screenshot to zoom
Danger level 7
Type: Trojans

CovidLock Ransomware

If you have a mobile device that runs Android, you need to watch out for CovidLock Ransomware, a dangerous file-encrypting malware that can encrypt every single personal file you own. This malicious threat has emerged in the wake of the COVID-19/coronavirus pandemic that has touched even some of the most remote locations in this world, including Iceland, the Seychelles, or Trinidad and Tobago. Although the world is scrambling to prevent the spread of the virus, find a vaccine, and treat the thousands who are severely sick, cybercriminals do not care about any of that. As soon as they see an opportunity, they jump to exploit it, and people’s need for constant information about the virus has provided them with such an opportunity. Cybercriminals wasted no time to create COVID19 Tracker, an Android app that is supposed to offer a coronavirus tracking map. Of course, as soon as this app is downloaded, the file-encryptor is executed. The good news is that you can restore your files and remove CovidLock Ransomware without spending a dime.

According to malware researchers, the malicious COVID19 Tracker app was not distributed via Google Play or any other legitimate app store. Instead, it was distributed via a specific webpage created for the sole purpose of distributing the app. At the time of research, this webpage was already down, but cybercriminals could set up new websites to spread CovidLock Ransomware, or they could use social engineering scams, bundled downloaders, malvertising, and spam emails, which is what file-encryptors use for distribution in most cases. Whether or not this app reemerges again, you need to understand how it works. Once it is downloaded onto the phone, the user is asked to give it the permission to access the lock-screen, which is the first sign that the app is dangerous. Unfortunately, people often dismiss the requested permissions, especially if they cannot wait to use an app. COVID19 Tracker, allegedly, needs the permission so that it could warn users when people who have the coronoavirus are nearby. Such information is not public, which is another sign that the app is fictitious and, potentially, dangerous. Unfortunately, if the permission is given, CovidLock Ransomware is activated, and the ransom note is shown on the screen.

1. What will be deleted? your contacts, your pictures and videos, all social media accounts will be leaked publicly and the phone memory will be completely erased
2. How to save it? you need a decryption code that will disarm the app and unlock your data back as it was before
3. How to get the decryption code? you need to send the 100$ in bitcoin to the address below, click the button below to see the code

CovidLock Ransomware was created for the sole purpose of making money, and the attackers behind it hope that they can trick victims into sending $100 to them in return for a decryptor. The ransom has to be paid in Bitcoin to the 18SykfkAPEhoxtBVGgvSLHvC6Lz8bxm3rU Bitcoin wallet. At the time of research, this wallet was empty, which is great news. Unfortunately, it is possible that some people might be tricked into paying the ransom because CovidLock Ransomware threatens to leak social media accounts, delete the phone memory, and delete all personal files that exist on the infected device. Well, if you are currently dealing with the infection, and you have no idea what to do with the ransom demands, we have good news for you. Tarik Saleh at has released a decryption key (4865083501) that can free the files corrupted by the infection. Hopefully, it works for you too. If you want a legitimate coronavirus tracker, go to You should NOT install any apps, files, or programs that claim to offer virus tracking services.

Unfortunately, the global COVID-19 disaster is pulling out cybercriminals from the darkest corners of the web, and COVID19 Tracker is not the only fictitious app and CovidLock Ransomware is not the only malicious threat associated with it. Phone call fraud, phishing scams, fake offers for cures and tests are growing in numbers by the hour because cybercriminals are not going to pass up the opportunity to gain something out of the pain of others. This is why you need to do whatever it takes to protect yourself, your virtual security, and of course, your devices. First and foremost, delete CovidLock Ransomware by removing the malicious app and setting up a reliable security system for your Android device. If you are currently working from home, make sure you do it safely, and monitor your children to make sure that they are not tricked into downloading fake apps or software that could hide malware. As long as you are cautious, you should be able to avoid the traps that cybercriminals have already laid and will lay in the future.

CovidLock Ransomware Removal

  1. Enter 4865083501 into the enter decryption code box.
  2. Open the Settings menu and tap Apps.
  3. Tap COVID19 Tracker and choose Disable.
  4. Install a trusted security app to scan and protect your device.
Download Spyware Removal Tool to Remove* CovidLock Ransomware
  • Quick & tested solution for CovidLock Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.