A new Android lock screen ransomware, which belongs to the family of police-impersonating viruses, has been detected in the wild. The Trojan reaches users through suspicious applications or through malicious web links opened on the phone. What is worse, this malware pretends to have caught the user breaking the law and demands a hefty fine of $100 USD. All users who have been affected by the ransomware should immediately take the SIM card out of their device and follow the instructions below to get rid of this lock screen malware without any damage to their phone or data.
|Short Description|Locks the screen of the user’s mobile device, claiming he or she has committed a crime and asking for a fine of $100 to unlock the device.|
|Symptoms|The user may see a fake Android update, after which the screen is locked with a timer and a scareware message.|
|Distribution Method|Malicious URLs prompting the installation of a malicious “content-gormless.apk” file.|
Cyber Police Ransomware – Distribution
This ransomware may be spread in several ways:
- Social media and other types of online spam on websites.
- Spam emails featuring malicious URLs.
Users believe that the primary method for it to spread is via spam bots such as the My Facebook Video Spam. Such spam bots compromise a Facebook profile and use it to send out spam messages with custom URLs carrying the payload.
After the link has been clicked, it may redirect to a page prompting an update. Malware researchers from Symantec Security Response have confirmed that Cyber Police ransomware displays an Android Update prompt.
Once the user taps on “Activate” or “Install”, the malware may begin the infection process. The malicious package believed to be carrying the payload is reported to be named “content-gormless.apk”.
Cyber Police Ransomware In Detail
Once activated on the device, the ransomware assumes control of the following features:
- The background.
- Phone and messaging services.
- Imaging services.
- Camera and app access and launch control.
Furthermore, after installation, the app displays an icon showing the Android logo in white on a green background.
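A triage sketch for the capabilities listed above, added here as an example and not taken from the article or from any vendor tool: it parses text in the shape of `adb shell dumpsys package` output and flags packages not installed from Google Play whose requested permissions cover several of those capabilities. The permission mapping, the threshold and the sample package names are assumptions.

```python
import re

# Assumptions (not from the article): the Android permissions mapped to each listed
# capability, the trusted-installer set, and the threshold of three capabilities.
PREFIX = "android.permission."
CAPABILITY_PERMS = {
    "phone/messaging": {"CALL_PHONE", "READ_SMS", "SEND_SMS"},
    "camera/imaging": {"CAMERA"},
    "app launch control": {"SYSTEM_ALERT_WINDOW", "GET_TASKS"},
    "background": {"SET_WALLPAPER"},
}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play

def parse_dumpsys(text):
    """Map package -> installer and requested permissions from `dumpsys package` text."""
    apps, cur, in_req = {}, None, False
    for line in map(str.strip, text.splitlines()):
        if header := re.match(r"Package \[([\w.]+)\]", line):
            cur = apps.setdefault(header.group(1), {"installer": None, "perms": set()})
        if header or cur is None or line.endswith(":"):
            # Section headers end any open block; only this one opens it.
            in_req = cur is not None and line == "requested permissions:"
        elif line.startswith("installerPackageName="):
            value = line.split("=", 1)[1]
            cur["installer"] = None if value == "null" else value
        elif in_req and line.startswith(PREFIX):
            cur["perms"].add(line[len(PREFIX):].split(":")[0])
    return apps

def flag_suspects(apps, min_capabilities=3):
    """Packages from untrusted installers that request several listed capabilities."""
    hits = {n: sorted(c for c, p in CAPABILITY_PERMS.items() if p & a["perms"])
            for n, a in apps.items() if a["installer"] not in TRUSTED_INSTALLERS}
    return {n: h for n, h in hits.items() if len(h) >= min_capabilities}

# Constructed, simplified `dumpsys package` excerpt; package names are made up.
SAMPLE = """Package [com.example.camera] (1a2b3c):
  installerPackageName=com.android.vending
  requested permissions:
    android.permission.CAMERA
    android.permission.SET_WALLPAPER
    android.permission.SYSTEM_ALERT_WINDOW
Package [com.example.fakeupdate] (4d5e6f):
  installerPackageName=null
  requested permissions:
    android.permission.SYSTEM_ALERT_WINDOW
    android.permission.CAMERA
    android.permission.READ_SMS"""
print(flag_suspects(parse_dumpsys(SAMPLE)))
```

A flagged package is a lead for manual review, not a verdict: legitimate sideloaded apps can request the same permissions.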
In addition, upon activation, the ransomware is reported to connect to multiple remote hosts, which may be its command and control centers.
After an infection, the ransomware has been reported to lock the screen of the user. If the user tries to enter the menu, the lock screen immediately closes it. It is reported to feature a timer along with a scareware message claiming the user has broken the law.
In addition, researchers at YooSecurity Guides report that variants of the Cyber Police lockscreen ransomware display a ransom note on tablets.
The ransomware’s activities and demands are simple:
- To make the user pay a “fine” of approximately $100 via payment services like Ukash or iTunes Gifts.
- To steal personal and other sensitive data from the user’s Android device.
If you have become a victim of this malware, it is strongly advisable to immediately change the passwords of your phone’s Google account and of any other accounts you are registered with.
Remove Cyber Police Ransomware and Fix Your Phone
You have the option to take your phone to a specialist. However, that is rather expensive in terms of time and money, and removing the ransomware will not turn out to be that tricky after all. This is why we have prepared the instructions below to help you deal with this ransomware swiftly and for free.