The Koler Android ransomware is still reported to be active and infecting devices in new iterations. One of those iterations disguises itself as a fake FBI police notice, accusing the victim of watching or downloading illegal porn on their device. The ransomware is not known to encrypt the victim's files; it only locks the device by obtaining the permissions it needs and then uses scareware tactics to convince the victim to pay a ransom to unlock it. Do not pay anything to this virus. Instead, read this article to learn how to export your files from your Android device and remove the virus completely.
| Type | Android Lockscreen Ransomware |
| Short Description | Locks victims out of their Android devices and tries to convince them to make a ransom payment to unlock the device and make it usable again. |
| Symptoms | The screen is locked and a message pretending to be from the FBI appears, accusing the victim of watching porn videos. |
| Distribution Method | Spam Emails, Email Attachments, Executable files |
Koler Ransomware Distribution
To spread widely, this ransomware uses two main methods. The first one is used for its initial infections, which account for more than 70% of infected devices in the US. This is reported to be a fake Photo viewer app which victims download, believing it is a legitimate one. To get you to download the app, the virus sends a link to the malicious app in a message similar to the following:
“Someone made a profile named – Luca Pelliciari – and he uploaded some of your photos! Is that you? http://bit.ly/xxxxxx.”
When the victim is tricked into opening the malicious URL, it immediately downloads the app onto the victim's device.
In addition to this, the Koler ransomware virus is also self-replicating, meaning that it can use your phone to send the same infection message to other phones. This may result in those phones becoming infected as well, and in a higher monthly bill for you, because the malware sends the messages at your expense. This is the main reason why, if you encounter the Koler FBI ransomware, you should immediately remove your SIM card(s) from your device.
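The two behaviours described above (a photo-themed lure carrying a shortened link, and the same message being re-sent from the infected phone) can be checked for in SMS logs. The following Python is an added example, not code from the article or from any vendor tool; the shortener list, bait keywords, thresholds and the `(epoch_seconds, recipient, body)` record layout are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Assumed shortener hosts; only bit.ly appears in the article's sample lure.
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
BAIT_RE = re.compile(r"\b(photos?|profile|uploaded|is that you)\b", re.IGNORECASE)

def short_links(body):
    """Shortened URLs in an SMS body, with trailing punctuation stripped."""
    urls = (u.rstrip(".,!?)") for u in URL_RE.findall(body))
    return [u for u in urls if (urlparse(u).hostname or "").lower() in SHORTENERS]

def is_lure(body):
    """Inbound check: a shortened link plus at least two bait phrases."""
    bait = {m.lower() for m in BAIT_RE.findall(body)}
    return bool(short_links(body)) and len(bait) >= 2

def worm_bursts(outbox, window=600, min_recipients=3):
    """Outbound check: one short link sent to several distinct numbers within
    `window` seconds. `outbox` holds (epoch_seconds, recipient, body) tuples.
    Returns {link: largest number of distinct recipients in one window}."""
    by_link = defaultdict(list)
    for ts, rcpt, body in outbox:
        for link in set(short_links(body)):
            by_link[link].append((ts, rcpt))
    alerts = {}
    for link, sends in by_link.items():
        sends.sort()
        start = 0
        for end in range(len(sends)):
            while sends[end][0] - sends[start][0] > window:
                start += 1  # slide the window forward
            rcpts = {r for _, r in sends[start:end + 1]}
            if len(rcpts) >= min_recipients:
                alerts[link] = max(alerts.get(link, 0), len(rcpts))
    return alerts

# Constructed sample outbox (not from a real device); the lure text is the
# one quoted in the article.
LURE = ("Someone made a profile named - Luca Pelliciari - and he uploaded "
        "some of your photos! Is that you? http://bit.ly/xxxxxx.")
OUTBOX = [(1000, "+15550100", LURE), (1030, "+15550101", LURE),
          (1065, "+15550102", LURE),
          (1070, "+15550103", "Running late, see you at 6"),
          (9000, "+15550104", "Menu: http://bit.ly/yyyyyy")]
```

A burst reported by `worm_bursts` on a phone's outgoing log is a sign that the device itself is sending the lure and that the SIM should be removed, as the article advises.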
Activity of Koler Ransomware
Once Koler ransomware has infected an Android device, the malware immediately locks the device and blocks any use of your SIM card, meaning that you cannot make any calls. The virus also changes or adds a login PIN that is not known to you. The ransom message it displays begins with the following image:
Text from image:
DEPARTMENT OF JUSTICE
FEDERAL BUREAU OF INVESTIGATION
WASHINGTON DC DEPARTMENT, USA
AS A RESULT OF FULL SCANNING OF YOUR DEVICE, SOME
SUSPICIOUS FILES HAVE BEEN FOUND AND YOUR ATTENDANCE
OF THE FORBIDDEN PORNOGRAPHIC SITES HAS BEEN FIXED.
FOR THIS REASON YOUR DEVICE HAS BEEN LOCKED.
INFORMATION ON YOUR LOCATION AND SNAPSHOTS
CONTAINING YOUR FACE HAVE BEEN UPLOADED ON THE FBI
CYBER CRIME DEPARTMENTS DATACENTER.
FIRST OF ALL, FAMILIARISE WITH THE POSITIONS STATED IN
SECTION «THE LEGAL BASIS OF VIOLATIONS», ACCORDING TO
THESE POSITIONS YOUR ACTIONS BEAR CRIMINAL CHARACTER,
AND YOU ARE A CRIMINAL SUBJECT. THE PENALTY AS A BASE
MEASURE OF PUNISHMENT ON YOU WHICH YOU ARE OBLIGED
TO PAY IN A CURRENT OF THREE CALENDAR DAYS IS IMPOSED.
THE SIZE OF THE PENALTY IS $500.00
DISCONNECTION OR DISPOSAL OF THE DEVICE OR YOUR
ATTEMPTS TO UNLOCK THE DEVICE INDEPENDENTLY WILL BE
APPREHENDED AS UNAPPROVED ACTIONS INTERFERING THE
EXECUTION OF THE LAW OF THE UNITED STATES OF AMERICA
(READ SECTION 1509 – OBSTRUCTION OF COURT ORDERS AND
SECTION 1510 – OBSTRUCTION OF CRIMINAL INVESTIGATIONS).
IN THIS CASE AND IN CASE OF PENALTY NON-PAYMENT IN A
CURRENT OF THREE CALENDAR DAYS FROM THE DATE OF THIS
NOTIFICATION, THE TOTAL AMOUNT OF PENALTY WILL BE
TRIPLED AND THE RESPECTIVE FINES WILL BE CHARGED To
THE OUTSTANDING PENALTY. IN CASE OF DISSENT WITH THE
INDICTED PROSECUTION, YOU HAVE THE RIGHT TO CHALLENGE
IT IN COURT.
The malware also displays a fake record of “child porn” offenses: a list of made-up web links to porn sites that you are accused of having visited:
The Koler ransomware also demands a payment of $500 via a VISA transfer. This payment is made through the payment page, which looks like the following:
In addition to this, Koler ransomware may also take over your SIM card to send SMS messages from your phone in order to infect other devices.
Remove Koler Ransomware and Restore Your Data
In order to remove this ransomware virus from your Android device, you will need to completely reset it to Factory Settings. Unfortunately, doing so right away may not be an option, since a Factory Reset will delete all of your data, and that is the last thing you want. This is why it is important to first enter Safe Mode, connect your device to a computer and follow the instructions below to back up the data on your phone. Only after this may you be able to recover your files by connecting the phone to a PC, since Safe Mode stops any third-party apps, including Koler ransomware, from locking your screen.