How to Detect Ransomware on Android

This How.com.vn teaches you how to identify popular forms of ransomware on an Android, how to remove the type that can be uninstalled, and what to do if it the problem persists. Ransomware is malicious malware that pops up messages on your phone or tablet demanding money to remove ads, viruses, and other malware.

Part 1

Part 1 of 4:

Identifying Popular Ransomware

1
Look for threatening pop-up messages demanding payment. Ransomware encrypts your data and demands money in exchange for its release. If you see a message that says you can’t perform actions on your phone or tablet without paying money, you are likely infected.
- There's no surefire way to find out that you're infected by ransomware, but continue on to learn the signs of some of the most popular varieties.
This ransomware, disguised as a plugin for the King of Glory game, began by targeting Chinese Android users through gaming forums. Though it places no icon in the app drawer, you’ll know you have WannaLocker if your home screen wallpaper changed an anime image right before you started to see messages demanding payment using QQ, Alipay, or WeChat.
Advertisement
3
Check for signs of DoubleLocker. Not only does this ransomware encrypt your data, it also changes the PIN used to access your Android. You’ll be told that your data will be deleted after a period of time unless you pay a fee in Bitcoin (BTC).^{[1]XResearch source}
- DoubleLocker cannot be uninstalled. You can only remove it by performing a factory reset.
4
Check for signs of Koler. This ransomware is spread through adult-themed websites, usually porn sites and apps. If you have Koler, a message from the “police” will appear on the screen, claiming you have suspicious or illegal files. This message also demands a payment between $100 and $300 (sometimes more) to release your files.^{[2]XResearch source}
- Koler can be removed in Safe Mode.
5
Check for signs of LeakerLocker. This ransomware was installed on Androids through rogue apps from the Play Store. If you see a message on the screen that threatens to share your data with your contacts if you don’t pay up, you likely have LeakerLocker.
- LeakerLocker can be removed in Safe Mode.
Advertisement

Part 2

Part 2 of 4:

Uninstalling Ransomware in Safe Mode

1
Reboot the Android into Safe Mode. Though uncommon, it may be possible to remove the ransomware without doing a factory reset. Start by putting the Android into Safe Mode. Here’s how to do this if the screen is held captive:^{[3]XResearch source}
- Press and hold the power button. It’s usually at the top or right edge of the phone or tablet. The process varies by manufacturer—these steps refer to Samsung Galaxy phones and tablets, but others should be similar.
- Tap Power off. The Android will turn off.
- Press and hold the power button to turn the Android back on. Continue holding the button until the “Samsung” (or your manufacturer’s) logo appears.
- Lift your finger from the power button and then press and hold the volume down button. Keep holding this button until the Android has finished restarting. When it comes back up, you’ll see the “Safe Mode” logo at the bottom of the screen.
This opens the notification panel.
This opens your settings.
4
Tap Apps. A list of your apps will appear.^{[4]XResearch source}
- If you don’t see “All Apps” selected at the top-left corner of the screen, click the drop-down menu, then tap All Apps.
5
Tap the ransomware app. If you know what it’s called, scroll down and then tap its name. If you’re not sure what it’s called, browse the apps until you find something you don’t recognize or remember installing.^{[5]XResearch source}
- If you’re infected with LeakerLocker, uninstall these apps if they appear: Wallpapers Blur HD, Booster & Cleaner Pro, and Calls Recorder.
- Some apps may be disguised as familiar apps. For example, Koler may appear in this list with the name of a popular porn app.
A confirmation message will appear.
7
Tap OK. The app will be removed.
- Repeat these steps for all apps you don't recognize.
To do this, press the power button on the phone or tablet, then tap Restart.
If you no longer see messages demanding payment for malware, you may have removed the ransomware. If not, restore the Android to its original factory settings.
Advertisement

Part 3

Part 3 of 4:

Restoring to Factory Settings

1
Power off your Android. If uninstalling apps in Safe Mode didn’t work, resetting is your only hope. This will delete everything on your phone or tablet and restore it to its original factory settings. These steps are specific toward Samsung phones and tablets, but the steps should be similar on all Androids.
- To turn off your Android, press and hold the power button on the top or side edge, then tap Power off when prompted.
- If you were able to remove the ransomware, skip this section and continue to Avoiding Ransomware.
2
Press and hold the volume up, Bixby, and power buttons at the same time. Volume up is usually at the top-left edge of the Galaxy, Bixby is near the center on the left side, and power is usually on the right.^{[6]XResearch source} Continue holding until you see the Android Recovery screen.
- If you don’t have a Samsung, try holding the volume up, volume down, and power keys instead.^{[7]XResearch source}
This highlights the option in blue.
A confirmation message will appear, asking if you’re sure you want to wipe all of your data.
A list of options will appear.
After several minutes, your Galaxy will return to its original factory settings.
Now that the ransomware is gone, follow the on-screen instructions to sign back into your Google and Samsung accounts and set your preferences.
Advertisement

Part 4

Part 4 of 4:

Avoiding Ransomware

Many ransomware apps get installed when an unassuming user downloads from sites that offer “free full APKs.”
2
Back up your Android often. If your phone or tablet does get infected by ransomware, you’ll be able to perform a factory reset and restore to the most recent backup that doesn’t include the rogue app.
- See Back Up the Samsung Galaxy or Back Up an Androidto learn how to set up backups.
Both Samsung and Android release security updates that correct vulnerabilities to ransomware and other types of malware. If you receive a notification than an update is ready to install, follow the on-screen instructions to install it immediately.
If you receive an unsolicited email or SMS asking for login information, passwords, or other personal data, delete it immediately.
Those password auto-save features on browsers and accounts? Convenient, yes. Safe? Not so much. If you’re constantly forgetting passwords, best write them down on a sheet of paper, then keep it in a secure drawer at home.
6
Install a dependable antivirus on your device. There are plenty to choose from in the Play Store. Read the reviews and select one that suits you.
- Some popular options are Avast and Bitdefender.
Advertisement