Thursday, May 8, 2014

How to remove the Koler Android Ransomware.

This blog post will be dealing with a new kind of ransomware that infects devices running Android.

It infects your Android device by asking you to download an app off the internet that claims to be helpful in some way. But it is actually just the ransomware. This app can only be found online and you will not find it in the Google Play Store.

In order for it to actually download the ransomware, you will need to allow your Android device to download from untrusted sources. When installing the app, it will ask for permission to access system tools in some way.

But the best way to tell if you are infected is if you get a notice saying your device (phone or tablet) is blocked. This notice will claim to come from places such as the FBI in order to make you think that it is real.

The ransomware will demand a payment of $300 in order to unlock your device. It will demand this payment in the form of a MoneyPak card.

It is strongly advised that you do not pay the ransom. Instead, use the removal guide below. Please note that you should read all steps before starting removal, as this ransomware will pop back up every few seconds.

So in other words, attempt to remove this as fast as possible.

Regular Removal Guide:

Step #1: Go to Settings.

Step #2: Go to Apps.

Step #3: Scroll down in the list of apps until you find the app responsible for the ransomware.

Step #4: Touch the app and hit uninstall.

Step #5: Go to the Google Play Store to download an anti-malware app such as Malwarebytes Anti-Malware Mobile.

Step #6: Launch the anti-malware app and run a scan.

Step #7: Remove or uninstall anything the scan finds.

Persistence will pay off with this, but if you find it too hard to complete this removal guide without the ransomware coming back up, we will have to remove it from safe mode.

Safe Mode Removal Guide:

Step #1: Find out how to reboot your Android device into Safe Mode. Unfortunately, most Android device makers have different ways of booting your device into Safe Mode. And there are so many ways that I just cannot list them all in this removal guide.

I suggest you use your favorite search engine on a computer (like the one you are using to read this) to look for how to boot into Safe Mode for your specific device or device manufacturer.

Step #2: Go to Settings.

Step #3: Go to Apps.

Step #4: Scroll down in the list of apps until you find the app responsible for the ransomware.

Step #5: Touch the app and hit uninstall.

Step #6: Boot your device into the Normal Mode.

Step #7: Go to the Google Play Store and download an anti-malware app.

Step #8: Launch the anti-malware app and run a scan with it.

Step #9: Remove or uninstall anything the scan finds.
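
One way to narrow down "the app responsible" from a computer, as an added example that is not part of the original post: because the ransomware comes from outside the Google Play Store, it will appear among the user-installed apps whose installer is not the Play Store. The script assumes adb is installed and USB debugging was already enabled on the device; the package names in the sample are constructed.

```shell
#!/bin/sh
# Added example: list user-installed apps that did not come from Google Play.
# Input is the output format of `adb shell pm list packages -3 -i`:
#   package:<name>  installer=<installer package, or null if sideloaded>

PLAY_STORE="com.android.vending"

# Read `pm list packages -i` lines on stdin and print the names of packages
# whose installer is anything other than the Play Store.
sideloaded_packages() {
    tr -d '\r' | while read -r pkg inst rest; do
        case "$pkg" in
            package:*) ;;
            *) continue ;;          # skip anything that is not a package line
        esac
        name=${pkg#package:}
        installer=${inst#installer=}
        [ "$installer" = "$PLAY_STORE" ] || printf '%s\n' "$name"
    done
}

# Constructed sample listing; these package names are made up for illustration.
sample_listing() {
    cat <<'EOF'
package:com.example.notes  installer=com.android.vending
package:com.example.videoplayer  installer=null
package:org.example.flashlight  installer=com.android.vending
EOF
}

# Against a real device:
#   adb shell pm list packages -3 -i | sideloaded_packages
#   adb uninstall <package name you have confirmed is the ransomware>
if [ "${1:-}" = "--demo" ]; then
    sample_listing | sideloaded_packages
fi
```

The output is a list of candidates, not a verdict: legitimate apps installed from other sources show up too, so confirm the package before uninstalling it.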

--------------------------------------------------------------------------------------------------------------
Update: May 9th, 2014, 10:13 AM CST.

Evidently some anti-malware vendors are now talking about this story as well, which is good because the publicity helps protect more people.

One issue, though, is that some independent bloggers who are talking about this consider it akin to CryptoLocker, the file-encrypting ransomware for Windows computers.

This is incorrect: this ransomware does not encrypt any files on your Android device.
