Blackmailer Virus On Android: So Save Your Data

Blackmailer virus lock your mobile device – you should then pay ransom for the release of the data. We will tell you how you defend themselves the best contrast.

Once carelessly downloaded an app from a dubious source – and already has happened: you have caught a blackmailer virus. Because blackmailer virus pose a threat now for Smartphone users. According to Kaspersky security specialist, 2016 30 percent of more these pests have surfaced in the first quarter. The blackmail prevent access to the files on infected devices and then demand a ransom for their release. But before you whip out your wallet now, try rather to get rid of the pest itself. We tell you what your options are and what security measures to take.

Blackmailer virus – what are and how do they work?

Blackmailer virus lock your device, and encrypt the files stored. Then, they demand a ransom for the release of the device and the data. This is either through a cash transfer service to pay or by digital currency, about using Bitcoins.

The system works for the criminal on the PC distributors for years very well. For some time, they are now trying to bring blackmailer virus for Android under the people. The criminals send the malicious blackmailer apps including mail.

So, for example, the anti virus specialist BitDefender had discovered in June 2015, that some of the mail claimed that they had an update for the flashplayer app in the annex.The annex consisted also of an APK file, so an app. Who started the annex on Android, received a warning that the app does not come from the official app store. Install the app settled yet.

Who was fell for the trick, first received a new app on the home screen with name ‘Video Player’. After starting the app, an error message appeared. Who away wanted to tap them, was faced with an alleged warning of the FBI, which no longer disappeared from the screen. They informed the user that he had visited pornographic Web sites and therefore violate the law. To reinforce this message, show the criminal screenshots of alleged browser history. Then they demanded ransom $500 to release the device. It only helped to launch the Smartphone in safe mode and uninstall the app.

Some of the pests increase the pressure on their victims in addition by brandishing an ultimatum. Who pays the ransom of 200 dollars within one day about, has then to pay $400. And who still has not paid after a week, whose data are irretrievably destroyed.Unfortunately, these threats being made also true.

See also: Everything about blackmailer virus must know

How does the malicious code on my Smartphone?

As the most harmful apps, also the blackmailer apps came not from the official Google play store. You must be so explicitly as APK file on your Smartphone download it and install. The pests stuck so often in games, but also in popular programs such as Messenger or antivirus apps. From the outside, it is to see the apps not that your code was corrupted. Only after the installation, they then show her real face.

The blackmailer virus use a classical path for PC pests – the mail as another distribution channel. So, blackmailer viruses come mainly through spamartig widespread mail. But unlike many spam, these messages are usually very well-made animated emails. The appearance is real, the message seems plausible, and the appendix is usually a harmless-looking APK file or a link. As the recipient of the message often open the attached file or click on the download link. In the software, are but dangerous pieces of code that exploit security vulnerabilities and reload another code, usually the encryption Trojan itself, the next step from the Internet and start.

Some of the harmful apps require even root access during installation. Who has granted, is in greater difficulties, because the removal is difficult.

A blackmailer virus has struck. Should I pay?

Safety experts generally recommend not to pay the ransom. Because you can rely, that you get a working code to decrypt or unlock after the payment. On the other hand, you would encourage criminals to do so with a payment to spread more pests. With your payment you would fund the development of new blackmailer virus so indirectly.

But that is only one side. Many people see no other way to pay for the ransom for themselves. They simply lack a backup of your critical data. There are so many of those affected have paid. As a general rule: A blackmailer virus that blocks only have access to your mobile device, you get back off without payment of ransom. It looks different in pests that encrypt your data. If you have no back up then, the payment of the ransom can be a chance to get back the files.

Android apps completely and securely delete – so it goes

How can I protect my Smartphone?

Most manufacturers of anti-virus software for Windows offer also Schutzapps for Android. This check any new app, whether it is known as dangerous. These provide the tools often already in the free basic version. Who will pay for the Pro version, get additional features.

Also a current and comprehensive backup of your data and your system is the best insurance against blackmailer virus. Backup of personal data you must remember however really all important data. More on this subject see the following.

First aid for the virus infestation: how to proceed

Most blackmailer viruses, so-called Ransomware (ransom = English for ransom), encrypt your data first silently and quietly in the background and then viewing your message for blackmail. If you see the message, the calamity happened already. There is therefore no reason for hasty measures. However, some pests threaten to increase their ransom demand after a certain time, or to delete all data. This is meant seriously. So soon, check whether you can have a complete backup of your data and to renounce the encrypted files. You should pay the ransom, only in exceptional cases – if you really need the data and you have no backup.

Cleaning of the mobile device app

Google play store you will find various apps from security companies such as CheetahMobile or trend micro, who crack up at ransomware. The use of a such app but requires in most cases that the pest will allow you to install and run. Then the cleaning process is quite easy.

Which appears particularly promising in the field ” Ransomware killer ” security expert Cheetah mobile: it should work also on the mobile device. Install it to do so in this case about the play store website on the PC and not on the play-app on your Smartphone.The only requirement is that you use same Google account on the PC and on the Smartphone, because otherwise the installation doesn’t work. In addition, the antivirus app ” CM Security ” of the manufacturer may be needed, also play via remote installation can be. Then simply follow the directions on the screen, and the “Ransomware killer” assumes the cleaning. A variant of the “Ransomware killers”, also from the House of Cheetah mobile, is the ” Simplelocker cleaner “, which specifically takes care of the Simplelocker pest. As already “Ransomware killer” install the ‘Simplelocker cleaner’ does not have the play store app – the phone is so locked, you have only limited access, but on the PC in the browser. In addition, the same Google account is important again. Install so the app on the infected mobile device. Then press the home button to go to the home screen. Then quickly run the ‘Simplelocker cleaner’ off. The virus does not allow this, repeat the last step. Then, follow the instructions of the app.

Is a Cheetah mobile app, which you can install directly from the play store app (if possible), ” stubborn Trojan killer “. She takes especially care of Trojans how ghost push and root Nik, which is set in the Rome of the mobile device and from there install independently more viruses, send paid SMS, share data and wreak other havoc.Operation of “stubborn Trojan killer” is very simple: after the start type first to the three points right above and choose “Update” to download the latest virus info. Then, you start the Trojan hunting mode “scan”. Trying the app find it, them, to remove the pest. If she fails, you can cut the Internet connection at least the virus via the app’s settings.

Another highly recommended app is “malwarebytes anti-malware”, which has proved already as PCSoftware and virus’s tricks occurred many (Erpresser-). After the installation on the play store, launch the app and enable the real-time protection. The app requires the right to collect usage data, so to determine what apps you use. Since the protection app should check other apps on pests, you must grant you these rights. Then return to “Malwarebytes anti-malware”, and tap on “I’m ready”, permissions further to her to give then get risk status in the dashboard of the app, where you see. The app has found “Problems” can it “now fix it”. Affiliated the app problems shows more detail, so about still not scanned apps that require a full system scan, or problematic security settings such as an active USB debugging and NFC Android beam. You can solve each of the problems found on the app; and if she finds viruses in the system scan, the app also that cares.

Security expert trust look also a useful tool with the ” Ransomware Hunter ” in his range of app removed blackmailer virus from the mobile device.” Ransomware Hunter”can detect blackmailer virus. To do this tap after the installation, click “Start”, then “Scan”.Tries the app find, they eliminate the malware.

Tip: Android reset properly and safely

Cleaning of the mobile device with Android onboard resources

Has the virus gained root privileges and can install any other apps, is just the way forward, completely reset the device to factory settings. You can find this option in the settings app under “Secure & reset” or similar. Make sure that the hook in “Automatic restore” is disabled! Keep in mind, however, that you lose all your data as a result, apart from the content on the micro-SD card (if present).

The Admin rights are still with you or the reset has not removed the virus, try to restart your Smartphone in safe mode. Android boots up only with a minimum configuration, what prevents the execution of malicious software in many cases so that you can uninstall it like a regular app.

Many smartphone models, you get the volume rocker in safe mode by you switch the appliance on as usual, but the volume down key press and hold, so the lower half. As soon as the PIN query appears, you see the “Safe mode” displayed in the lower left corner of the screen. Now, you can try to uninstall the virus in the app browser or the application manager. The encrypted data remains however, once encrypted. A restart of the device appears again in normal mode.

Come with this procedure for your model not in safe mode, check the best on the Internet for the correct keyboard shortcut, by you googled the exact model and “Safe mode”. And your Smartphone can no longer switch off, because the virus will prevent this, remove the battery briefly. That the issue is not, you must wait until the current dispenser is empty. Then recharge the appliance and then start it in safe mode.

Recover encrypted data

Unfortunately, the impact of ransom malware consist of two parts: once the virus itself that on the mobile device has become wide and restricts access. As already described, can move him with specific apps or Board means to tackle. The second part, which are encrypted data, not so easy to restore. The easiest way is here, a backup (see box below) to play again. But that is not always to the hand.

You can absolutely not leave out on your data, the mentioned Security Apps Help may be to identify the pest. On the Internet, then search whether any a decryption key is available. If not, you can contact only the well-known manufacturer of security software – maybe you have a solution for you ready.

I am sure after a thorough virus cleaning?

Have you successfully removed the blackmailer virus from your mobile device (and recover your data), it is now to ensure that you will never catch up such a pest. To do this you should follow basically when dealing with your Smartphone or Tablet four golden rules:

1. only in exceptional cases to download apps from other app stores as the Google play store. Disable best the corresponding option in the settings under “Security, unknown sources”. So, no apps from third-party stores with unwanted baggage get more on your mobile device.

2. show a healthy distrust of APK file. It will have its reason that the associated app is not (yet) officially available. For example, hackers go have brought infected APK files of the game circulated before the official release of Pokémon.

3. not carelessly click on links in messages, whose Absender you don’t know. May is a download behind it, which automatically launches and invites you to a corrupt app to your Smartphone. What is true for mails to the PC, also applies to mail on your mobile device!

4. believe no offers that seem too good to be true. Many pests are hidden in adult players. Keep in mind: no one gives you anything in the Internet, especially no adult offers! In case of doubt, you pay with your data or even access the alleged Gratisinhalte on your Smartphone.

Consider this code of conduct, (Erpresser-) virus you should have no chance. In addition a security app helps you to check also offers from the official Google play store before downloading and installing on heart and kidney.

, By the way: A blackmailer virus made wide on your Smartphone, you should change just in case the log-in passwords to all your services, ranging from payment services such as PayPal through your Gmail account up to shopping sites like eBay and Amazon.

Create Smartphone backup

Blackmailer viruses are relatively powerless, if you regularly back up your data. Then you don’t care about might, whether you get the code to decrypt or not – is a complete reset and clean the mobile device and the restore your Smartphone or Tablet again like before the hacker attack. Drop the backup of your Smartphone data but necessarily on the PC or in the cloud. A backup on the mobile device itself brings nothing for viruses.

Do you want to create the backup on the PC, you can use the software, offered by the manufacturer of your device for this, about Samsung smart switch or LG Backup. However, third-party programs such as the are better my phone Explorer. The tool creates backups of mobile data, apps, and settings. How-to: connect your Mobilger t via USB, Bluetooth or Wi-Fi, to the PC. You opt for USB, your smartphone when connected in the mode must be “Invite only” stand and have enabled USB debugging.The connection is you can select via “File-> settings-> multi-sync”, what you want to save. But: A full image backup of the phone can not mess with my phone Explorer.

Prefer a backup in the cloud, this is possible, for example, with dropbox. Using the app ” Autosync Dropbox – Dropsync “, you can select a local folder and a folder in the dropbox and enable synchronization via hook. You make the rest of the synchronization configuration settings. The option “Instant Upload” is especially comfortable. As soon as a new file appears in a monitored folder of the phone, it will be immediately loaded into the dropbox. You want more than a directory or files larger than 10 MB synchronize are an upgrade to the Pro version of the app however is required.

The backup app ” iDrive ” also provides an easy way to back up all data in the cloud on an Android device. While the data on request is also encrypted and protected with a password.

And even Google itself provides several backup options you find in the menu “Save & reset”.