How To Remove the Android Lockscreen Ransomware (with Pictures)

If your Android phone or tablet is locked and you are seeing a lock screen notifying you that your device is blocked, then your Android device is infected with a malicious app.

[Image: Android FBI virus]

These types of malicious apps are distributed through malicious websites, or legitimate websites that have been hacked, which will say that you need to install a special “video player” app and then offer it for download. This infection may also be downloaded manually by tricking the user into thinking they are installing a useful piece of software, for instance a bogus update for Adobe Flash Player or another piece of software.

What is the Android Lockscreen Ransomware?

Ransomware has evolved over the past year, and the Windows operating system is not the only one that can be infected with this type of malware. With Android overwhelmingly the most common operating system for mobile devices, ransomware specially made for phones, tablets and more is also on the rise.

The malicious ransomware apps will lock you out of your Android device and applications, so whenever you try to unlock or use your smartphone, it will instead display a lock screen asking you to pay a ransom in vouchers or cryptocurrency (Bitcoin, Monero, Dash). The malware’s authors prefer these payment services because transactions made through them cannot be reversed and are hard to trace.

The good news is that, unlike on Windows devices, the infection doesn’t encrypt any of the data on your Android; it merely locks your device with a pop-over browser window that quickly reappears if you try to get clear of it. The bad news is that the continually reappearing pop-over window makes it as good as impossible to get into the Settings menu to remove the malware.
Even rebooting won’t help as the malware kicks back in early in the process of restarting. A factory reset will get rid of it, but that also removes all your other installed apps and stored data.

The messages shown by the Android Lockscreen Ransomware are for the most part a scam, and you should ignore any alerts that these malicious apps might generate.
Under no circumstance should you send any vouchers or cryptocurrency to these cyber criminals, and if you have, you should request a refund, stating that you are the victim of malware.

How To Remove the Android Lockscreen Ransomware (with Pictures)

This page is a comprehensive guide which will remove the malicious app from your Android phone. Please perform all the steps in the correct order. If you have any questions or doubts at any point, STOP and ask for our assistance.

To remove the malicious ransomware app from your Android device, you have these options:

OPTION 1: Remove the Android Lockscreen Ransomware without resetting your device

STEP 1: Reboot your Android phone to Safe Mode to avoid the Android Lockscreen Ransomware

The Android Lockscreen Ransomware locks your phone with a pop-over browser window, like the one you see above, that quickly reappears if you try to get rid of it. The continually reappearing pop-over window makes it as good as impossible to get into the Settings menu to remove the malware, and a plain reboot won’t help, because the malware comes back to life early in the restart.

To avoid the Android Lockscreen Ransomware, we will need to start your Android phone in Safe Mode.
Safe Mode for Android is a mode that allows a phone to load all the default settings and software the phone originally came with; most importantly, your system starts up without loading any third-party apps.

There are a few methods to enter the “Safe Mode”, depending on the model of your Android phone.

Method 1: How to boot your Android device in Safe Mode

  1. Press and hold the power button as you would to power down or reboot.
  2. A menu will pop up on your Android device. TAP and HOLD the “Power off” option.
    [Image: Hold the power button until this menu appears]
    If nothing happens, long-press the “Reboot” option instead of “Power off”.
  3. A dialog should appear offering to reboot your Android device to “Safe Mode”. When this happens, click on “OK” to enter “Safe Mode”.
    [Image: Reboot to Safe Mode Android]
  4. If you have managed to select “Safe Mode”, you will see the text “Safe Mode” at the bottom left corner of the screen.
    [Image: Android Safe Mode]

Method 2: How to turn on Safe mode on an Android device

If you have a Google Pixel, a Samsung Galaxy S9, or any other Android smartphone or tablet, running Android 6.0 or later, then the process for turning on Safe mode is as follows:

  1. Press and hold the Power button.
  2. Tap and hold Power off.
  3. When the Reboot to safe mode prompt appears, tap OK.
  4. Your device will then restart and it will say “Safe mode” in the bottom-left corner.

This method also works for LG, HTC, Sony, and many other Android phones.

Method 3: How to turn on Safe mode with the keys

Whether you have a Samsung Galaxy S8, an HTC U12 Plus, or any other Android smartphone or tablet, the process for turning on Safe mode with the keys is as follows:

  1. Press and hold the Power button and select Power off to turn your device off.
  2. Press and hold the Power button, until you see the animated Samsung or HTC logo appear.
  3. Release the Power button, and press and hold the Volume down button.
  4. Keep holding it until your device boots up.
  5. You can let go when you see the words “Safe mode” in the bottom-left corner.

This method works for most Android phones and tablets.

STEP 2: Uninstall the malicious apps from Android

An Android phone gets infected with viruses through a malicious app that is installed on the smartphone. In this step, we will try to identify and uninstall any malicious app that might be installed on your Android phone.

  1. Open your device’s “Settings” app, then click on “Apps”

    To uninstall the malicious app from your Android device, go to the Settings menu, then click on Apps or Application manager (this may differ depending on your device).
    [Image: Go to Settings and select Apps]

  2. Find the malicious app and uninstall it.

    The “Apps” screen will be displayed with a list of all the apps installed on your device. Scroll through the list until you find the malicious app.

    In our case the malicious app is “BaDoink”; however, this will most likely be different in your case. These are some known malicious apps: BaDoink, Porn-player, Browser update 1.0, Flash Player, Porn Droid, Network Driver System, Video Render System Security 1.0 Adobe Flash Update, or System Update.

    If you cannot find the malicious app, we advise you to uninstall all the recently installed applications.
    If the malicious app is “Adobe Flash Player”, then your Android phone is infected with the latest version of ScarePakage ransomware. This app will most likely not allow you to uninstall it.
    Some variants of ScarePakage (the fake Adobe Flash Player app) will uninstall themselves if you enter a random number long enough to satisfy the MoneyPak (15-digit) demand. If this does not work, then you will have to reset your phone settings as seen in OPTION 2.

    [Image: Search for the malicious app that is locking your Android phone]

  3. Click on “Uninstall”

    Tap on the app you’d like to uninstall. This won’t start the app, but will open up the program’s App Info screen. If the app is currently running, press the Force stop button. Next we will clear the cache and data, and then uninstall the unwanted app.

    1. First tap on the Clear cache button to remove the cache.
    2. Next, tap on the Clear data button to remove the app data from your Android phone.
    3. And finally tap on the Uninstall button to remove the malicious app.

    [Image: Touch the app you’d like to uninstall]

    If the Uninstall button is grayed out (this may happen if your phone is infected with the Android Screen Locker malware) then go to:
    1. Settings > Security > Device administrators.
    2. Tap the app that you cannot uninstall.
    3. Choose “Deactivate” > “OK” and immediately shut down your device.
    4. Start your device again and then uninstall the malicious app.
  4. Click on “OK”.

    A confirmation dialog should be displayed for the malicious app; click on “OK” to remove the malicious app from your Android phone.
    [Image: Remove malicious app from Android phone]

  5. Restart your phone.

    Restart your Android device in normal mode. To do this, press and hold the Power button, then tap the Restart option.
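
For an analyst or help desk working on a device that already has USB debugging enabled (an assumption; the on-screen steps above need no computer), the identification in this step can also be done from adb output. This added example is not part of the original guide: it parses output saved from `adb shell pm list packages -3 -i` and `adb shell dumpsys device_policy`, lists third-party apps not installed by the Play Store, and puts device administrator holders first because they must be deactivated before Uninstall works. The sample output and package names are constructed, and the dumpsys layout varies between Android versions.

```python
import re

# Installers treated as trusted in this example (an assumption; adjust as needed).
TRUSTED_INSTALLERS = {"com.android.vending"}
PKG_LINE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<inst>\S+)$")
ADMIN_LINE = re.compile(r"^\s+(?P<pkg>[\w.]+)/[\w.$]+:\s*$")

def parse_packages(pm_output):
    """Map package -> installer (None if none recorded) from `pm list packages -3 -i`."""
    found = (PKG_LINE.match(line.strip()) for line in pm_output.splitlines())
    return {m["pkg"]: (None if m["inst"] == "null" else m["inst"]) for m in found if m}

def parse_device_admins(dumpsys_output):
    """Packages listed as active device admins in `dumpsys device_policy`."""
    found = (ADMIN_LINE.match(line) for line in dumpsys_output.splitlines())
    return {m["pkg"] for m in found if m}

def triage(pm_output, dumpsys_output):
    """Third-party apps not installed by a trusted store, admin holders first."""
    admins = parse_device_admins(dumpsys_output)
    findings = []
    for pkg, installer in parse_packages(pm_output).items():
        if installer in TRUSTED_INSTALLERS:
            continue
        findings.append({"package": pkg, "installer": installer,
                         "device_admin": pkg in admins})
    # Admin holders need "Deactivate" before the Uninstall button is available.
    return sorted(findings, key=lambda f: (not f["device_admin"], f["package"]))

# Constructed sample output; the package names are made up for illustration.
SAMPLE_PM = """\
package:com.example.notes  installer=com.android.vending
package:com.example.videoplayer  installer=null
package:com.example.flashupdate  installer=com.android.packageinstaller
"""
SAMPLE_DUMPSYS = """\
Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    com.example.flashupdate/.AdminReceiver:
      uid=10123
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_PM, SAMPLE_DUMPSYS):
        print(finding)
```

A package it reports can then be removed with `adb uninstall <package>` once its device administrator entry has been deactivated.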

STEP 3: Use Malwarebytes for Android to remove adware and unwanted apps

Malwarebytes is one of the most popular and most used anti-malware apps, and for good reason. It is able to destroy many types of malware that other software tends to miss, without costing you anything. When it comes to cleaning up an infected device, Malwarebytes has always been free and we recommend it as an essential tool in the fight against malware.

The first time you install Malwarebytes, you’re given a free 30-day trial of the premium edition, which includes preventative tools like real-time scanning and anti-theft features. After 30 days, it automatically reverts to the basic free version that will detect and clean up malware infections only when you run a scan.

  1. Download Malwarebytes.

    You can download Malwarebytes by clicking the link below.

    (The above link opens the Google Play Store, from where you can download Malwarebytes)
  2. Install Malwarebytes on your device

    In the Google Play Store app, tap “Install” to install Malwarebytes on your device.

    [Image: Malwarebytes for Android - Google Play App]

    When the installation process has finished, tap “Open” to begin using Malwarebytes for Android.
    [Image: Malwarebytes for Android - Open App]

  3. Follow the on-screen prompts to complete the setup process

    When Malwarebytes opens, you will see the Malwarebytes Setup Wizard, which will guide you through a series of permissions and other setup options.
    This is the first of two screens which explain the difference between the Premium and Free versions. Swipe this screen to continue.

    Click on “Got it” to proceed to the next step.

    Malwarebytes for Android will now ask for a set of permissions which are required to scan your device and protect it from malware. Tap on “Give permission” to continue.

    Tap on “Allow” to give permission to Malwarebytes to access the files on your device.
    [Image: Malwarebytes for Android - Setup Wizard 5]

  4. Update database and run a scan with Malwarebytes

    You will now be prompted to update the database and run a full system scan.

    [Image: Malwarebytes for Android - Fix Issues]

    Click on “Update database” to update the Malwarebytes anti-malware definitions to the latest version, then click on “Run full scan” to perform a system scan.

    [Image: Update database then run a full scan with Malwarebytes]

  5. Wait for the Malwarebytes scan to complete.

    Malwarebytes will now start scanning your device for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
    [Image: Malwarebytes for Android - Scanning for Malware]

    [Image: Malwarebytes for Android - Scanning for Malware 2]

  6. Click on “Remove Selected”.

    When the scan has completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malicious apps that Malwarebytes has found, click on the “Remove Selected” button.
    [Image: Malwarebytes for Android - Removing Malware]

  7. Restart your device.

    Malwarebytes will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
    When the malware removal process is complete, you can close Malwarebytes and continue with the rest of the instructions.

STEP 4: Clean up the junk files from Android with CCleaner

In this step we will clean the cache of your device with the CCleaner application. CCleaner is a free app which will help us clean up junk files from your device.

  1. Download CCleaner.

    You can download CCleaner by clicking the link below.

    (The above link will open a new page from where you can download CCleaner)
  2. Install CCleaner on your device

    Click on the “Install” button, and when the app permissions are displayed, click on “Accept” to install CCleaner on your device.
    [Image: Install the CCleaner app]
    CCleaner will be installed on your phone; this will only take a few seconds. When CCleaner has finished installing, open the app.

  3. Click on “Analyze”

    To perform a system scan with CCleaner, click on the “ANALYZE” button.
    [Image: CCleaner Analyze button]

  4. Clean your device from junk files

    CCleaner will now start scanning your device for junk files. The scan may take a few minutes depending on how many apps you have installed.
    When the analysis is completed, tap to mark the check-boxes next to “History” & “Cache”. You may also want to check any other application whose cached content you want to delete.

    [Image: CCleaner remove junk files]

    Tap on the “CLEAN” button to remove all the junk files from your Android device.

OPTION 2: Backup & Reset your phone to remove the Android Lockscreen Ransomware

This is the last resort and is meant to be used only if the other two options have failed. When you use the “Backup and Reset” option on your device, it will restore the phone to its original settings, as if it is new again, thus removing the malicious app from your Android.
To restore your Android device to its default settings, we will need to use the “Safe Mode” as seen in Option 1, Step 1. Before you proceed with this option make sure your phone is in “Safe Mode” (How to get into “Safe Mode” on Android phone.)

STEP 1: Copy your videos, pictures and other personal documents onto your computer

Resetting your device to its default settings will remove all your images, videos or personal documents, so before doing a hard reset, we advise you to copy them onto your computer. Below you can see how you can easily copy the files from an Android device to a computer:

STEP 2: Reset your Android phone to its factory settings

This process will clear the entire phone and revert it back to how it was when it came off the assembly line.
The phone is going to think it’s brand new, right out of the box.

Your Android phone should now be clean. If you are still experiencing problems while trying to remove a malicious app from your device, please ask for help in our Malware Removal Assistance forum.



I am the creator and owner of the MalwareTips Community. I started this site in 2010 to help people solve their computer problems.
I live in Bucharest, where I run my own local computer repair shop. My area of expertise includes malware removal and computer forensics. I'm active in the various online anti-malware communities, where I do research on new malware threats as they are released.