The “FBI Department of Defense” warning message: “Attention, Your phone has been blocked up for safety reasons listed below. All The actions performed of this phone are fixed. All your files are encrypted. CONDUCTED AUDIO AND VIDEO.” is an Android ransomware virus belonging to the Koler Trojan family (Andr/Koler-A) , that claims that your phone is blocked because of law violations about “Copyright and Related rights Law” (downloading of piracy music, video or warez software” or because you have accessed pornographic material. The virus makes it impossible to access your phone, informs you that your phone is blocked and your files are encrypted and asks you to pay a fee of 300$ using MoneyPack, XpressPack or BitCoin untraceable money transfer services to unblock it within 48 hours, otherwise your phone will stay blocked and your files encrypted.
The good news of the “Attention, Your phone has been blocked” ransomware infection is that the virus doesn’t affect your files in any way but -the bad news- is that you cannot access them or use your phone, because the warning message stays in front of all phone applications and settings so it makes it impossible to access them.
The “Attention, Your phone has been blocked up for safety reasons” ransomware virus is a FAKE warning notice and may appear in different languages depending on the user’s location. The full FAKE warning message that appears on the phone’s screen is as follows:
“ FBI Department of Defense
Your phone has been blocked up for safety reasons listed below. All The actions performed of this phone are fixed. All your files are encrypted. CONDUCTED AUDIO AND VIDEO.
You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc.) You have violated World Declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of United Stated of America criminal law.
Article 161 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 5 to 11 years.
Also, you are suspected of violation of “Copyright and Related rights Law” (downloading pof pirated music, video warez) and of use and/or dissemination of copyrighted content. Thus, you are suspected of violation of Article 148 of United States of America criminal law.
Article 148 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 3 to 7 years or 150 to 550 basic amounts fine.
It was from your phone, that unauthorized access had been stolen information of State importance and to data closed for public Internet access.
Unauthorized access could have been arranged by yourself purposely on mercenary…
The penalty set must be paid in course of 48 hours as of the breach. On expiration of the term, 48 hours that follow will be used for automatic collection of data on yourself and your misconduct, and criminal case will be opened against you.
…Amount of fine is 300$. You can settle the fine with MoneyPak xpress Packed vouchers.
As soon as the money arrives to Treasury account, you phone will be unblocked and all information will be decrypted in course of 24 hours. ‘
The “Attention, Your phone has been blocked up for safety reasons” ransomware virus infects your Android phone if you visit malicious websites or if you install a phone Application from an unknown source or from a legitimate site that has been hacked. Commonly this type of viruses tricks users to install malicious software on their phone in order to access a website or to watch video online. For that reason you must always pay attention and do not install applications from unknown sources.
In order to unblock your phone for this type of ransomware infection you have to start your Android device in “Safe Mode” in order to be able to uninstall the nasty application from your device.
In the following steps you can find detailed instructions on how to start your phone in “Safe Mode” and uninstall the malicious application that is responsible for the “Attention, Your phone has been blocked” ransomware infection:
How to unblock your Android phone and remove the “phone has been blocked’ (Andr/Koler-A) virus.
Step 1. Start your phone in “Safe Mode”
First of all, you have to start your Android phone in Safe Mode. The instructions below are different for each Android mobile. So, follow the given instructions according to your Android device model.
Google Android Devices & various Android Open Source Project, or AOSP, derivatives like CyanogenMod.
To enter into Safe Mode in various Android Devices, perform the following operation:
- Press and hold the power button like you want to power off or reboot your Android device.
- At the menu that comes up, tap and hold the "Power off" option. *
- Normally a new popup menu should appear on your screen that asks you to “Reboot to safe mode”. Answer “OK” at this point and let your phone to reboot in Safe Mode.
* Note: If nothing happens, try the same operation with the "Restart" option.
Samsung Galaxy S4 & Samsung Galaxy S5.
To enter Safe Mode in Galaxy S4 & Samsung Galaxy S5 mobile devices, perform the following operation:
- Turn off your Android phone.
- Turn on your phone and repeatedly tap the “Menu” button.
Alternate method for S4 & S5:
- Turn off your Android phone.
- Hold the "Power" button to turn on your phone.
- When the Galaxy logo appears on your screen, press and hold down the "Volume Down" button until you see the 'Safe Mode' appear on the lower left corner on the screen
Samsung Galaxy S3 and other mobile devices.
To enter Safe Mode in Galaxy S3 mobile & other devices, perform the following operation:
- Turn off your Android phone.
- Turn on your phone and – according to your phone model – immediately press and hold down the following key(s) :
- Volume Down (Samsung Galaxy S3 & other devices)
- Volume Up (HTC One and other devices)
- Volume Down + Volume Up – together – (Motorola devices)
Note: When you enter “Safe Mode” then you will see the text “Safe Mode” at the bottom left corner of your phone screen.
Step 2. Uninstall the malicious application (App) from your Android device.
When your enter in Safe Mode:
1. Open Application Manager. To do that:
- Go to Apps.
- Tap Settings.
- Tap to open Application Manager or Apps menu. *
* Note: In Samsung S3 and other devices, the Application Manager (Apps) can be found under the More menu (on the top).
2. When you enter Application Manager, find and uninstall* any of the following malware apps in the list below:
* Note 1: To Uninstall an app in Android: Tap on the app name and then tap in order: Clear cache, Clear Data and finally tap the Uninstall Button.
* Note 2 : If Uninstall option is grayed out then go to: Settings > Security > Device administrators. Tap the app that you cannot uninstall. Choose "Deactivate". (Then Uninstall the malicious app).
Malware Apps List (Name)
- Browser Update
- Flash Player
- Malware App
- Porn Droid
- System Update
- Update Installer
- Choose “OK” to confirm your decision.
3. Reboot (Restart) your Android device normally and you ‘re done!
Update for anyone that cannot remove the Android FBI-Police virus using the steps described in this article:
I have written a new more detailed guide on how to remove Android viruses that can be found here: How to Scan and Clean your Android Device from Adware, Virus & Malicious Apps. The new article is based on the current article, but it contains some very important extra steps and details about the FBI-Police virus removal procedure.