Findings of the research say that owners can still navigate to the Home screen of their phone but only for about 5 seconds. The message will pop up once the timer reaches the specified time.
Known to Android community as Android-Trojan.Koler.A, the ransomware uses geolocation features of the phone that allows it to tailor warnings based on where the user resides. The warning message varies depending on the IP address of the owner.
According to a report, owners who pay a hefty fine of $300 are said to regain control of their phone. The payment are reportedly being conducted via Paysafecard or uKash, which have untraceable payment systems.
"ATTENTION! Your phone has been blocked up for safety reasons listed below. All the actions performed on this phone are fixed. All your files are encrypted. CONDUCTED AUDIO AND VIDEO."The malware can be automatically downloaded via adult websites claiming to be a media player that offers premium access. Users would then be prompted to allow sideloading of apps by enabling 'Unknown sources' via the Developer Option under Settings.
There were already hundreds, if not thousands, of people who have fallen victims to this kind of extortion over the internet. In 2013, a ransomware was also discovered targeting computer owners who often visit pornography sites. It is clear that hackers like the ones behind Koler.A are now shifting their focus on Android, considering the system is open-source and can be manipulated by those who have sufficient knowledge.
One good way to prevent this ransomware is to stay away from adult websites.