Dogspectus

Dogspectus, also known as Cyber.Police, targets Android OS and spreads via a currently unnamed exploit kit. If an Android device is used to visit a website hosting malicious advertisements, the hostile JavaScript code contained within those ads exploits several Android vulnerabilities to quietly install Dogspectus without the knowledge of the victim. Packaged as an Android .apk application, it does not display an “application permissions” dialogue box before installing itself onto the device. Dogspectus does not actually encrypt any data but rather locks access to the infected device until the victim pays the ransom. Currently, files can be recovered from an infected Android device without paying the ransom by connecting the device to a computer and manually copying the files to the computer’s hard drive. The malware itself can be removed from the device by performing a factory reset, which deletes all files and applications that have been previously installed. Dogspectus demands a $200 ransom payable only via Apple iTunes gift cards.

  • Blue Coat Labs provides more information about Dogspectus here.
     
  • The NJCCIC is not aware of any decryption tools available for Dogspectus.