
My phone is a Samsung Galaxy S2. I have somehow gotten some ransomware that is displaying device information, including my name and recent contacts' data.

The ransomware starts basically right away, so I cannot open anything else. I can only access the drop-down menu, but opening anything from there isn't happening either. There is a new ongoing application marked as . and I can turn Wi-Fi etc. on and off, but I cannot open settings. If I hold the power button, the device just turns off, but I cannot start in safe mode. I have connected it to my PC with USB, but the Windows 10 software is not letting me access the device.

Update:

From the drop-down menu, if I hold the home button, it opens a menu showing which apps are allowing me to access some options. When I do this, I have settings as the only item in the list right now, but when it is selected, the ransomware still displays over it.

I have Avast Mobile installed, but it doesn't help.

It looks like it might be the Koler ransomware, UK version. However, it starts instantly and blocks everything. I did not give it permission to install, so I am not sure what's going on here; my device should be blocking everything but Google Play.

I just realised I can open the device options through a long hold from the PIN input menu. Listed are power off, data network mode, flight mode and restart. I now realise I am supposed to press and hold the power off button, but this does not work either. I should be on Android 4.1 or 4.2, and it states that safe mode was introduced in 4.1. Please advise.

P.S.: I won't pay the ransom!


On my device, holding the volume up and down buttons during boot launches safe mode. I have just now successfully launched safe mode and prevented the start of the ransomware. I will take a short break before proceeding to remove the application.

In addition to removing the application, what should I do to ensure my security and prevent this situation in future? Help is appreciated.

eternalNoob


There is some Android ransomware that is fairly easy to get rid of using Android Debug Bridge. These are older lock screen trojans. Here's a page that has a good breakdown of the types and how to get rid of them.

Some newer Android ransomware is very effective, but if you get one of these, you really have only 2 options - wipe the device or pay the ransom. If you have your pictures, contacts and other important data saved, then wipe your phone completely and restore to factory defaults, then re-install your apps and data. If not, then pay the ransom and get your device back, then back up your important data in the future. Be sure to wipe your device and restore to factory defaults in any case, as the malware, or the application that allowed it to be installed, is still persistent.

GdD
    ... and having paid the ransom and recovered the data, then wipe the phone to factory defaults because *the ransomware is still installed on the phone* and could do anything in future. – Simon B Nov 12 '15 at 11:49
  • This is a good point. In my mind that's an automatic, but not everyone would think that. I'll edit that in. – GdD Nov 12 '15 at 11:50
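The answer above mentions cleaning older lock-screen trojans over Android Debug Bridge. As an added example (not code from the question or the answer), the helpers below are run from safe mode with USB debugging enabled: they list the third-party packages that also hold device-administrator rights, which is the usual reason a plain uninstall of such an app is refused, so the user can decide what to remove before doing the factory reset the answer still recommends. `adb`, `pm list packages -3`, `dumpsys device_policy` and `adb uninstall` are real Android tools; the exact text layout of the `dumpsys` output that is parsed is an assumption and varies between releases, and the package names in the comments are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes: adb on PATH, device in
# safe mode with USB debugging on. dumpsys layout is an assumption.

# Normalise `pm list packages -3` (third-party packages only): drop the
# "package:" prefix and the CR that `adb shell` emits on Windows hosts.
parse_pm_list() {
  tr -d '\r' | sed -n 's/^package://p' | sort -u
}

# Extract package names from `dumpsys device_policy`. Lock-screen malware
# commonly registers itself as a device administrator to resist removal.
# Assumed layout: lines containing "ComponentInfo{<package>/<class>}".
parse_active_admins() {
  tr -d '\r' | sed -n 's/.*ComponentInfo{\([^/}]*\)\/[^}]*}.*/\1/p' | sort -u
}

# Third-party packages that are also active device admins.
# $1 and $2 are files produced by the two parsers above (already sorted).
suspect_packages() {
  comm -12 "$1" "$2"
}

# Live run against a connected device; skipped when adb is unavailable.
# Constructed example result: com.evil.locker (a made-up package name).
# On Android 7+ the admin must be dropped first with
# `adb shell dpm remove-active-admin <package>/<class>`; older releases
# need the admin revoked in Settings before `adb uninstall` succeeds.
if [ "${1:-}" = "--live" ] && command -v adb >/dev/null 2>&1; then
  tmp=$(mktemp -d)
  adb shell pm list packages -3 | parse_pm_list > "$tmp/third"
  adb shell dumpsys device_policy | parse_active_admins > "$tmp/admins"
  echo "Third-party packages holding device-admin rights:"
  suspect_packages "$tmp/third" "$tmp/admins"
  echo "Review the list, then remove with: adb uninstall <package>"
  rm -rf "$tmp"
fi
```

Run it as `sh adb_admins.sh --live` with the phone attached; without `--live` only the functions are defined, which is how they are exercised with captured text.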