El Gato targets the Android OS and is distributed via a legitimate cloud service provider. It requests and receives commands from its C2 server over unencrypted HTTP. El Gato’s capabilities include file encryption and decryption, sending and exfiltrating SMS messages, locking the infected device, and killing application processes. El Gato displays a picture of a cat on the locked device screen. The ransom payment demand for this variant is currently unknown.
- McAfee has published more information about El Gato.
- The NJCCIC is not currently aware of any decryption tools available for El Gato.