Ransomware is a type of malware that infects your computer system and restricts access to it.
A ransom is then demanded, payable to the creator of the malware, in order for the restriction to be removed.
Ransomware can encrypt the files on the system’s hard drive, and it usually locks the system, demanding payment for the lock to be lifted.
Another form of ransomware is CryptoLocker. It leaves your computer running while scrambling your data, and demands a fee for the decryption key to get your data back.
The fee is usually around $300. Recently, pay-to-unlock ransomware has made its way into the Android ecosystem, and charges $300 to unlock.
“Koler”
One of the ransomware families on Android is known as “Koler”. Koler is very similar to the Reveton malware, which leaves your data intact but locks you out of your computer.
It’s thought that the Reveton gang is the one behind Koler. Both pieces of malware follow a criminal formula that has worked for them on Windows computers.
As soon as the malware pops up, it downloads and displays a warning screen stating that you are accused of viewing something illegal, like pornography.
According to reports, the crooks use the time-honored trick of telling you to install a specific “video player” app, then offering you help with downloading it.
Because Koler has not made it into the Google Play Store, you need to have “Allow installation of apps from unknown sources” enabled in your Android security settings to be at risk.
Just like with Windows-based police warning ransomware, the malware can adapt the content it displays depending on your country or language settings.
The malware warnings have been coming from “U.S.A. Cyber Crime Center” and “FBI Department of Defense” (which doesn’t make sense because the FBI is not part of the DoD).
The screenshot shows fake government seals and an assortment of ripped-off images coaxing the victims to do what they are told on the screen.
These scare tactics work on many people. How many times do you have The President pointing his finger at you in a scolding manner?
Another message that is often seen:
ATTENTION! Your phone has been blocked up for safety reasons listed below. All the actions performed on this phone are fixed. All your files are encrypted. CONDUCTED AUDIO AND VIDEO.
Note. Sophos products, including Sophos Free Anti-Virus and Security for Android, detect this malware as Andr/Koler-A.
Get rid of Koler
Koler doesn’t scramble your data or disengage your audio. It locks your phone with a pop-over browser window that automatically reappears if you try to get rid of it.
The continually reappearing pop-up window makes it nearly impossible to get into the Settings menu to remove the malware.
If you try to reboot, the malware kicks back in as soon as your device starts up again.
If this happens, a factory reset will get rid of it. The reset will remove the malware along with any other apps and stored data on your device.
Using the Android “Safe Mode” is recommended; a detailed explanation can be found in Sophos’ companion article.
Stay protected from police warning ransomware
Here are five easy tips to help you deal with Android malware of all sorts, including “police lockers”:
- Install a reputable anti-virus program to vet all new apps automatically before they run for the first time.
- Be cautious of apps you are offered in ads and pop-ups.
- Stick to Android’s default setting of allowing installs from the Google Play store only.
- Keep off-device backups of your important data.
- Read our article about using “Safe Mode”, just in case you ever need it in a hurry.
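To check whether a device already carries apps that arrived from outside Google Play, the installer recorded for each third-party package can be audited. The script below is an added example, not part of the original article or of any Sophos tool; the sample package names are constructed, and the `--device` mode assumes `adb` is installed and USB debugging is enabled on the phone.

```shell
#!/bin/sh
# Added example: list third-party apps that were NOT installed by Google Play.
# Input is the output of `adb shell pm list packages -3 -i`, one app per line:
#   package:<name>  installer=<installer package, or null when sideloaded>
PLAY_STORE="com.android.vending"

# Read pm output on stdin; print the name of every app whose recorded
# installer is anything other than the Play Store. Apps from other
# legitimate stores are listed too and need a manual look.
list_sideloaded() {
    tr -d '\r' | while read -r pkg inst _; do
        case "$pkg" in
            package:*) ;;
            *) continue ;;          # skip blank or unexpected lines
        esac
        name=${pkg#package:}
        src=${inst#installer=}
        [ "$src" = "$PLAY_STORE" ] || printf '%s\n' "$name"
    done
}

# Constructed sample output; the package names are made up for illustration.
SAMPLE='package:com.example.mail  installer=com.android.vending
package:com.example.videoplayer  installer=null
package:com.example.game  installer=com.android.vending'

if [ "${1:-}" = "--device" ]; then
    # Live mode: query the connected device.
    adb shell pm list packages -3 -i | list_sideloaded
else
    # Demo mode: run against the constructed sample above.
    printf '%s\n' "$SAMPLE" | list_sideloaded
fi
```

Any package it prints was installed with “unknown sources” in play and deserves a closer look before you trust it.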
NakedSecurity from SOPHOS
Android “police warning” ransomware – how to avoid it, and what to do if you get caught
Published: May 19, 2014