THREAT REMOVAL

Remove “Your Contacts/photos/messages/notes Have Been Encrypted”

This article aims to help you remove the latest Android ransomware virus “Your Contacts/photos/messages/notes Have Been Encrypted” and show you how to unlock your phone.

Android ransomware viruses have rapidly grown in number and a strong sign for that is the fact that many users now store important photos, documents and contacts there. One such ransomware is a lockscreen virus, recently detected to display a message, starting with “Your Contacts/photos/messages/notes Have Been Encrypted” and alongside it a coundown timer of 24 hours to pay a ransom fee in iTunes Gift Card code, which is $50. The ransom note also scares victims that if they enter a wrong code, their files will be permanently lost. If your Android device has been affected by this lockscreen mobile ransomware.

Threat Summary

Name Your Contacts/photos/messges/notes Virus
Type Lockscreen Android Ransomware
Short Description Aims to get victims to pay $50 dollars in ransom after it locks their Android devices.
Symptoms A lockscreen message in red appears, giving 24 hours to pay. May or may not encrypt your files.
Distribution Method Via a redirect, caused by a fake Flash Player app.
Detection Tool See If Your System Has Been Affected by malware

Download

Malware Removal Tool

User Experience Join Our Forum to Discuss Your Contacts/photos/messges/notes Virus.
Data Recovery Tool Android Data Recovery Pro Notice! This product scans your Android device’s storage sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

“Your Contacts/photos/messages/notes Have Been Encrypted” – Spread

This Android virus has been reported to enter the device of the victim via a fake Flash Player app, called com.flosh.ployer. The app has been reported in Koodus to have the following identification parameters:

In order to infect victims, this ransomware virus uses a redirect web page via this fake app, which is of a phishing type. The web page, pretends to be an update of Google Play Store Services and looks like the following:

After the victim taps on the “Update Services” button, instead of the actual update, the virus files are downloaded on the victim’s computer and the screen becomes locked with malware.

“Your Contacts/photos/messages/notes Have Been Encrypted” – More Info

As soon as the infection with this virus takes place, it immediately drops it’s executable scripts, which grant it permissions over the security options of your Android device. This allows the virus to set a lockscreen, which looks like the following:

Message from lockscreen:

“Your contacts/photos/
/messages/notes have been
encrypted.

When trying to close the screen or restart the phone, some
files will be irrevocably deleted!
When trying to close/uninstall the application, all the files
will remain permanently encrypted.
To decrypt the files and remove the virus + acquire
immunity for this device to any similar viruses, enter the
ITunes Gift Card code ($50) within
{TIME LEFT}
After entering the code, your phone will be fully restored
within 10 hours.
When trying to enter an incorrect/used code, all the files will
be irretrievably deleted.
ENTER CODE”

What is interesting about this situation is that the ransomware uses scare tactics to scare off the victim that if a wrong code is entered the files will be permanently lost. In reality however, in reality it may just be another screenlocker infection which only locks your screen.

In addition to this, the infection may also change the unlock method of your computer and modify the .apk files responsible for your screensaver and locked device image.

If the user actually pays the ransom, which is interestingly enough in iTunes Gift Card, a procedure of decryption begins in a new countdown timer and the device should be unlocked in 10 hours time:

Remove “Your Contacts/photos/messages/notes Have Been Encrypted” from Android

If you want to remove this lockscreen from your system, you should check out the following instructions.

Avatar

Ventsislav Krastev

Ventsislav is a cybersecurity expert at SensorsTechForum since 2015. He has been researching, covering, helping victims with the latest malware infections plus testing and reviewing software and the newest tech developments. Having graduated Marketing as well, Ventsislav also has passion for learning new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management, Network Administration and Computer Administration of System Applications, he found his true calling within the cybersecrurity industry and is a strong believer in the education of every user towards online safety and security.

More Posts - Website

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Stay tuned
Subscribe for our newsletter regarding the latest cybersecurity and tech-related news.