Android ransomware viruses have rapidly grown in number and a strong sign for that is the fact that many users now store important photos, documents and contacts there. One such ransomware is a lockscreen virus, recently detected to display a message, starting with “Your Contacts/photos/messages/notes Have Been Encrypted” and alongside it a coundown timer of 24 hours to pay a ransom fee in iTunes Gift Card code, which is $50. The ransom note also scares victims that if they enter a wrong code, their files will be permanently lost. If your Android device has been affected by this lockscreen mobile ransomware.
|Name||Your Contacts/photos/messges/notes Virus|
|Type||Lockscreen Android Ransomware|
|Short Description||Aims to get victims to pay $50 dollars in ransom after it locks their Android devices.|
|Symptoms||A lockscreen message in red appears, giving 24 hours to pay. May or may not encrypt your files.|
|Distribution Method||Via a redirect, caused by a fake Flash Player app.|
See If Your System Has Been Affected by malware
Malware Removal Tool
|User Experience||Join Our Forum to Discuss Your Contacts/photos/messges/notes Virus.|
|Data Recovery Tool||Android Data Recovery Pro Notice! This product scans your Android device’s storage sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
“Your Contacts/photos/messages/notes Have Been Encrypted” – Spread
This Android virus has been reported to enter the device of the victim via a fake Flash Player app, called com.flosh.ployer. The app has been reported in Koodus to have the following identification parameters:
In order to infect victims, this ransomware virus uses a redirect web page via this fake app, which is of a phishing type. The web page, pretends to be an update of Google Play Store Services and looks like the following:
After the victim taps on the “Update Services” button, instead of the actual update, the virus files are downloaded on the victim’s computer and the screen becomes locked with malware.
“Your Contacts/photos/messages/notes Have Been Encrypted” – More Info
As soon as the infection with this virus takes place, it immediately drops it’s executable scripts, which grant it permissions over the security options of your Android device. This allows the virus to set a lockscreen, which looks like the following:
Message from lockscreen:
/messages/notes have been
When trying to close the screen or restart the phone, some
files will be irrevocably deleted!
When trying to close/uninstall the application, all the files
will remain permanently encrypted.
To decrypt the files and remove the virus + acquire
immunity for this device to any similar viruses, enter the
ITunes Gift Card code ($50) within
After entering the code, your phone will be fully restored
within 10 hours.
When trying to enter an incorrect/used code, all the files will
be irretrievably deleted.
What is interesting about this situation is that the ransomware uses scare tactics to scare off the victim that if a wrong code is entered the files will be permanently lost. In reality however, in reality it may just be another screenlocker infection which only locks your screen.
In addition to this, the infection may also change the unlock method of your computer and modify the .apk files responsible for your screensaver and locked device image.
If the user actually pays the ransom, which is interestingly enough in iTunes Gift Card, a procedure of decryption begins in a new countdown timer and the device should be unlocked in 10 hours time:
Remove “Your Contacts/photos/messages/notes Have Been Encrypted” from Android
If you want to remove this lockscreen from your system, you should check out the following instructions.