Android phones increasingly face ransomware attacks

How to protect your Android phone from ransomware – plus a guide to removing it

If you’ve been keeping up with news, you might have noticed that ransomware attacks are on the rise. Besides targeting business networks and personal computers, ransomware is becoming a more common threat to mobile platforms too. And especially on Android devices, which, when considering it’s the most popular mobile operating system, means we’re talking about a high-volume of potential victims. That’s why now’s the time to understand what ransomware is, how it can sneak onto your Android phone, and steps you can take to remove it if necessary.

Common types of ransomware

Ransomware attacks can take on several forms, but two are particularly common. On computers, victims are typically targeted with Crypto ransomware, which takes over a device and encrypts its files. Cybercriminals will then demand a ransom be paid in exchange for regaining access to your data. The second kind, Locker ransomware (also called screenlockers), typically attacks mobile devices and Android phones. Instead of encrypting files, it denies access to a device by locking the user interface, sometimes via a popup overlay.

How to protect your Android phone from ransomware 

Ransomware usually winds up on a mobile phone through a social engineering attack. For example, threat actors will trick a user into downloading malware by installing a fake app from a third-party app store, or into clicking on a spam link on social media or sent via SMS. To avoid bringing ransomware onto your phone, stay alert to incredible discount ads, clickbait articles, and suspicious friend invites.   

Here are some additional tips to prevent a ransomware attack on your mobile device: 

  • Only download apps from trusted sources. Thirdparty platforms aren’t reviewed by Google and can more easily sneak bogus apps into their app stores. Although not perfect, it’s safest to download apps from the official Google Play Store. 
  • Keep your Android device updated. Unpatched software on outdated versions of an app leaves you vulnerable to attacks. 
  • Back up your device. This way you will always have access to a copy of your files and can restore them if you need to reset your phone.
  • Don’t give out personal identifying information. For example, your bank will never ask you to provide your account information over text message or an email.  
  • Don’t keep your passwords on your device. If you want a convenient way to remember your logins use a password manager. It will create and safely store strong passwords that you can use across devices. 

How to remove ransomware from your Android phone 

First, you need to determine what kind of ransomware has infected your Android device. If a crypto variety has snuck onto your phone and encrypted your files you won’t be able to remove it. Your options are to try and decrypt the files or restore them by deploying a factory reset.  

More likely is that your phone has been victim to Locker ransomware. You can try to remove it yourself by rebooting your phone in Safe Mode. This prevents third-party apps from running, which hopefully includes the ransomware. Not all Android phones restart in Safe Mode the same way but most allow you to do this directly by holding down the Power button for a few seconds. Then press Power Off, and depending on your device, either choose the Safe Mode option at the bottom of the screen or tap OK.   

Once you’ve done that, go to Settings> Applications > Manage Applications and choose the application you wish to uninstall. Lastly, help keep malware off your phone by making sure you’ve disallowed non-official app installations by going to Settings>Security and uncheck “Unknown sources”. If this didn’t work, you can also do a factory reset. But remember, this will erase all your data, so only proceed if you have done a recent backup! 

This post is also available in: German

Avira logo

Get free protection for your phone and other devices