FBI Ransomware Hits Android: How To Avoid Getting It, And Remove It

One of the most intimidating malware threats, FBI Ransomware, has hit Android – pretending to be the FBI while leaving users who install seemingly innocuous apps feeling pressured into paying $300 to release their data.

Fortunately, the malware is straightforward to remove, and if your phone is correctly secured you shouldn’t even be able to install it.

A Reminder About Ransomware

Ransomware has been in the news repeatedly over the past few years. This is the insidious malware that will lock your data or device (smartphone or PC) and displays a screen-wide message that demands money from you to release it, which it does by sending you an unlock code.

If you’re lucky.


Two particularly well-known examples of ransomware are CryptoLocker (which encrypts your data but has since been defeated) and those that accuse you of viewing child pornography, locking your system and forcing you to pay an on the spot €100 fine to restore control. There are several variants of this, among them “Anti Child Porn Spam Protection”.

Ads by Google

Ransomware is evil, intimidating, and illegal. It doesn’t care who you are, nor how much money you have in your wallet. Think of it like the school bully, or an organized gang demanding money or else they smash up your property.

Avoid Android Ransomware In The First Place

If you are indiscriminate or careless about the apps you install on your Android phone or tablet, you might just find that some ransomware has appeared.


The protections put in place by Google in the Play Store mean that malware should be blocked (thanks to the Bouncer service). Even if something got through the approval process, the rating system and app report tool would see to it that it didn’t stay online.

It is from unknown sources that ransomware can end up on your Android device, whether from online downloads or from otherwise helpful third party app stores that provide an alternative to Google Play. We’ve covered the risks of this previously, but as long as you have Settings > Security > Device Administration > Unknown sources disabled, such malware cannot install. Keeping the Verify Apps option checked also helps as it checks every installed app automatically.

FBI Ransomware: It Has A Disguise

You won’t realise that you have installed the FBI Ransomware malware until it is too late; it isn’t listed as “FBI Ransomware” in any online app stores!

Instead it disguises itself as another app. This isn’t uncommon for Android malware, although in many cases there is an apparently functional app completing the illusion.

FBI Ransomware can easily be defeated by your refusal to install apps claiming to be Adobe Flash Player. We’ve previously covered how to install Flash Player, which was removed from the old Android Market when support for the media streaming service was dropped, and while the method we showed you remains safe, this isn’t something you should bother with now.

Things have moved on considerably since then. Flash Player is not needed as browsers are HTML5 ready, removing the need for a video plugin, and anyone installing a Flash Player app from a third party app store is potentially installing the FBI Ransomware malware.

So what can you do to deal with it?

Remove FBI Ransomware With Android Safe Mode


Found the FBI Ransomware message taunting you on your Android device? There is a solution, one that really needs to become widely known so that victims can delete the malware without resorting to paying for their data to be unlocked.

(Payment for this scam is via a GreenDot MoneyPak card, which must be purchased and pre-loaded with funds, and the code entered. The lack of access to MoneyPak cards internationally is reason enough to get the malware off your device should you have been hoodwinked into coughing up.)

On some older devices such as the Samsung Galaxy S2, FBI Ransomware doesn’t load quickly enough, meaning that you can disable it before it has loaded, as per this explanation.

Booting Android into Safe Mode differs from version to version and across devices. You might, for instance, hold the power button, then long-press Power Off to display the safe mode dialogue. Similarly, you might long-press Reboot to get the same result. You should be able to find the solution for your device with a quick web search.

With Safe Mode booted (you’ll spot the “Safe Mode” legend in the bottom left of your display) only system apps will be running. Any third party apps you have downloaded and installed are disabled, much as with booting into Safe Mode in Windows.

Removing FBI Ransomware from your Android device requires you to first remove administrative privilege from the app in its Flash Player guise. Open Security > Device Administrator and select Flash Player, then Deactivate.

You can then remove the ransomware by opening Settings > Apps, selecting Flash Player and tapping Uninstall.

Have You Been Infected?

It should be clear that removing FBI Ransomware from your Android device is straightforward and achievable. You won’t need an antivirus app to remove it (although you could install an Android antivirus app, though you may not need it), and you’ll save yourself a cool $300 should you be unfortunate enough to end up with it on your device.

Additionally, you should be extremely careful when using third party app stores, and don’t leave Unknown Sources disabled. Once you’re done installing a trusted app that isn’t from Google Play, remember to re-enable that setting!

Have you been hit by ransomware on your Android device? Any malware screwed up your device? Let us know in the comments.

Image Credit: Ransomware via Shutterstock

Leave a Reply

Your email address will not be published. Required fields are marked *