CovidLock Ransomware Removal Guide

Do you know what CovidLock Ransomware is?

CovidLock Ransomware is an infection that you let in if you download an Android app called COVID19 Tracker. At the time of research, this app could not be installed anymore because the download site was taken down. This is great news, but there is no time to relax because it is a piece of cake for cybercriminals to set up new app download sites or even think of other methods of distribution. As you might know already, ransomware targeted at Windows systems is usually spread using spam emails and malicious downloaders, and the same tricks can be used to infect mobile devices. Without a doubt, if you have downloaded the extension, you need to remove it as soon as possible. Before you delete CovidLock Ransomware, you want to recover your files, and we are happy to inform that you do not need to pay a ransom to get that done. Continue reading to learn all about decryption.

Although COVID19 Tracker was not distributed via reputable app stores (e.g., Google Play), its creators could have redirected users to the app download webpage using misleading pop-ups and advertisements. COVID-19, or Coronavirus, was declared a pandemic on March 12th, 2020. Even before that, people all around the world were scouring the web to find as much information about this sweeping virus as possible. While the World Health Organization and local health organizations (e.g., CDC in the US or ECDC in Europe) are the primary sources of information, people often seek external sources and tools. Microsoft has set up a website that presents a live virus-tracking map that shows how many coronavirus cases are confirmed in every country of the world. However, cybercriminals create their own fake maps and tracking apps to lure users in. That is how password-stealing trojans (e.g., AZORult password stealer) and ransomware are spreading. CovidLock Ransomware takes over Android devices when the COVID19 Tracker app is downloaded and permissions are granted.

The misleading CovidLock Ransomware app asks to access the device’s locks screen and accessibility settings. These permissions are introduced as soon as the app is downloaded, and they are supposed to help it alert the user when coronavirus patients are in close proximity. Does that sound like a legitimate service? It is not because people with the virus are in isolation or in hospitals, and information about their whereabouts is not made public in the first place. Unfortunately, if people are tricked into opening COVID19 Tracker and accepting the permissions, CovidLock Ransomware is launched. The infection immediately introduces a ransom note, according to which, victims need to send a ransom of $100 in bitcoins (a cryptocurrency) to the attacker’s bitcoin wallet (18SykfkAPEhoxtBVGgvSLHvC6Lz8bxm3rU) in return for a decryption code. It is stated that those who do not comply and fail to pay the ransom within 48 hours will have pictures, videos, contacts and other personal information leaked and also deleted. Luckily, malware researchers at DomainTools have found a decryption key that should work for all victims. Once you apply it, you need to delete the infection immediately.

CovidLock Ransomware decryption key: 4865083501

You do not need to pay the $100 ransom or contact the attackers via In fact, you will win nothing by doing that. The good news is that, at the time of research, the attackers’ bitcoin wallet was empty, which gives us hope that the threat is no longer spreading or that people are discovering the free decryption key. Unfortunately, even if you unlock and remove CovidLock Ransomware successfully, note that there are plenty of other threats that you need to watch out for during this confusing and scary time. Start by protecting your mobile devices, which is easiest to do with the help of authentic security apps.

Unlock files and delete CovidLock Ransomware

  1. Use the 4865083501 code to unlock your device.
  2. Delete/uninstall the app called COVID19 Tracker.
  3. Install a trusted security app to strengthen your device’s security.

In non-techie terms:

CovidLock Ransomware is an infection that attacks Android devices using the COVID19 Tracker app. Although this app is meant to help Android users track the infection rate of the Coronavirus across the globe, in reality, it was created for the sole purpose of spreading the ransomware. Once it is activated, it launches a screen that pushes victims to pay a ransom of 100 US Dollars in return for an alleged decryption code. You do not need to pay any money for the decryption code because it is already public knowledge. Once you enter the code to unlock your device, immediately remove CovidLock Ransomware-related app and quickly install a trusted security app to ensure that your Android device remains secure in the future. Also, do not forget that other Coronavirus-related infections exist, and schemers are already using the disaster to their advantage. Be cautious.