How to Remove Ransomware from Android Phones

A ransomware is a special breed of malware that cripples your Android devices unless you send the ransom money to the cyber-criminals. It covers the entire screen of your mobile phone and does not let you do anything without paying the ransom. Some variants of the ransomware can also encrypt the files in your Android device and claim to decrypt them after the payment is made. But you should not make any payment to anyone. Instead, you can remove this malware using the Android safe mode and recover your encrypted files from any backups that you were keeping.

Here is how you can remove ransomware or any other stubborn malware from your Android device:

Reboot your Android phone into the Safe Mode. In the safe mode, the phone blocks all the user-installed apps, and so all the malicious apps stop running in this mode. To reboot your phone into safe mode, long-press the power key to bring up the power menu. Long-press the power or the reboot button until you see a prompt to reboot the phone in the safe mode. Choose to reboot in the safe mode and in a few seconds the phone will be booting in the safe mode.
When the Android phone has booted in the safe mode, you will see Safe Mode written in the lower-left corner of the screen. Go to System Settings → Apps in your Android phone, find all the apps that look unfamiliar or malicious to you and uninstall them all. You can google the app names for more information.
Still in the safe mode, install a good antivirus solution like ESET Mobile Antivirus, CM Security Antivirus or G-Data Internet Security. Keep in mind that you cannot run these apps in the safe mode.
Reboot your phone once again – but this time, choose to reboot normally. When your phone restarts, launch the installed antivirus apps and scan your device for malware. Remove the malware if it is detected.

If the malware (e.g., GhostPush trojan) has rooted your device and has installed itself as a system app, then regular antivirus apps won’t be able to remove it. You would need a special app like Cheetah Stubborn Trojan Killer to remove the malware. And if the malware still sticks around, then the only solution is to re-flash the stock firmware. You can find stock ROM as well as the flashing instructions from the website of your device manufacturer, from XDA forums, or you can google for it.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.