A ransomware is a special breed of malware that cripples your Android devices unless you send the ransom money to the cyber-criminals. It covers the entire screen of your mobile phone and does not let you do anything without paying the ransom. Some variants of the ransomware can also encrypt the files in your Android device and claim to decrypt them after the payment is made. But you should not make any payment to anyone. Instead, you can remove this malware using the Android safe mode and recover your encrypted files from any backups that you were keeping.
Here is how you can remove ransomware or any other stubborn malware from your Android device:
- Reboot your Android phone into the Safe Mode. In the safe mode, the phone blocks all the user-installed apps, and so all the malicious apps stop running in this mode. To reboot your phone into safe mode, long-press the power key to bring up the power menu. Long-press the power or the reboot button until you see a prompt to reboot the phone in the safe mode. Choose to reboot in the safe mode and in a few seconds the phone will be booting in the safe mode.
- When the Android phone has booted in the safe mode, you will see Safe Mode written in the lower-left corner of the screen. Go to System Settings → Apps in your Android phone, find all the apps that look unfamiliar or malicious to you and uninstall them all. You can google the app names for more information.
- Still in the safe mode, install a good antivirus solution like ESET Mobile Antivirus, CM Security Antivirus or G-Data Internet Security. Keep in mind that you cannot run these apps in the safe mode.
- Reboot your phone once again – but this time, choose to reboot normally. When your phone restarts, launch the installed antivirus apps and scan your device for malware. Remove the malware if it is detected.
If the malware (e.g., GhostPush trojan) has rooted your device and has installed itself as a system app, then regular antivirus apps won’t be able to remove it. You would need a special app like Cheetah Stubborn Trojan Killer to remove the malware. And if the malware still sticks around, then the only solution is to re-flash the stock firmware. You can find stock ROM as well as the flashing instructions from the website of your device manufacturer, from XDA forums, or you can google for it.