Koler Ransomware is a ransomware-type malware for Android-powered devices that is distributed using text messages. It infiltrates Android smartphones and tablets and puts a lock screen on to prevent you from using your device. Cyber criminals behind this ransomware want you to pay 500 USD for a decryption key using the anonymous MoneyPak payment platform. This particular platform is used because it cannot be traced back to the criminals. However, you should remove this ransomware instead of complying with this demand because there is no guarantee that your device will be unlocked.
This ransomware was designed to trick users into thinking that it has something to do with the FBI. Koler Ransomware pretends to be a message from the FBI and claims to have locked your smartphone because you viewed child porn or some other type of illegal content. The message proposes that you pay a “fine” which is nothing short of extortion money, a ransom payment that will supposedly unlock your PC. The cyber criminals want you to pay 500 USD using a Money Pak Voucher.
As far as we know, this program’s developers distribute this ransomware using an SMS worm. Your device can become infected with this ransomware as a result of receiving a fake text message from one of your phone contacts. The fake text message says: “someone made a profile named -Luca Pelliciari- and he uploaded some of your photos! is that you? http://bit.ly/xxxxxx.” The text message contains a bit.ly URL. If you click the link, you get redirected to a DropBox page that offers you to download an app called PhotoViewer. If you download and install this app, the screen of or phone or other device will be locked, so you will not be able to access your content or use your device because the lock screen will prevent you. Previously, this ransomware was disseminated as a fake app for PornHub that was offered to users when they visited websites featuring adult content.
Furthermore, this ransomware will send the same text message you received to all of your contacts to infect the devices of more people. Koler Ransomware is a unique infection because it combines an Android ransomware attack with an SMS worm that contains a link to aforementioned PhotoViewer which is an “.apk” file. Unlike other SMS worms such as Selfmite, Koler Ransomware sends a fake text message only once while most other SMS worms send it all contacts in a loop.
Our research has shown that most Koler Ransomware infections take place in the US, but countries such as Saudi Arabia, Iran, China, India, Mexico, and several others have also had many cases of this ransomware infecting Android devices using via SMS worm.
In closing, Koler Ransomware is one highly dangerous Android infection that can infect your smartphone or other device secretly and lock it completely. It then demands that you pay a ransom that they call a “fine” to unlock it, but there is no guarantee that your device will be unlocked once you have paid. Therefore, we recommend that you remove this ransomware and you can do that after rebooting your device in Safe Mode. Check your device’s manual for additional information on how to boot your device into Safe Mode and then uninstall PhotoViewer from your apps list.