How to remove “Your device has been blocked” ransomware virus from Android tablet or phone?

“Your device has been blocked” - how to remove ransomware infections from an Android devices?

Cyber criminals have been spreading ransomware viruses on Windows-based computers for some time. These types of infections became popular in mid-2006 and continue to infect personal computers and extort money from their victims. Recently, security research began showing a rise in Android-based mobile ransomware infections. Commonly, ransomware viruses exploit the names of authorities including the FBI, USA Cyber Crime Investigations, and The ICE Cyber Crime Center - making fake claims that users must pay an amount of money (for supposed law violations such as watching pornography, using copyrighted files, etc.) in order to unblock their devices.

In most cases, cyber criminals employ the Green Dot MoneyPak, Ukash, or PaySafeCard pre-paid card services to collect fake fines from unsuspecting mobile device users. Tablet and mobile phone users should be aware that paying these fines as ordered by these messages is equivalent to sending their money to cyber criminals. Note that neither the FBI, nor any other authority, use screen lockers to collect any fines.

android ransomware

Cyber criminals have localized ransomware viruses that target mobile devices. Therefore, users from different countries see fake screen-locking messages displayed in their local language and exploiting names of authorities from their countries. Ransomware infections have become a profitable business for cyber criminals who continue to search for various ways of infecting mobile devices across the world. At time of writing, some ransomware viruses were targeting Android devices - all using rogue applications to lock tablet or phone screens.

Koler Android ransomware:

Distributed using fake applications (for example, “BaDoink” and "PhotoViewer").

android koler ransomware spread using badoink fake app

Other known variants of this ransomware are proliferated using text message spam. An infected mobile device sends an SMS message to all contacts in the address book ("Someone made a profile named ‘contact's name’ and he uploaded some of your photos! is that you?”) followed by a link leading to a Dropbox page. Android device users who follow this link will inadvertently download a “PhotoViewer” application, which launches the screen-locking message.

android koler ransomware spread using photoviewer fake app

Screenshots of mobile devices locked by the Koler ransomware virus targeting different counties (Koler Android ransomware Trojan - demanding a payment of $300 using MoneyPak, PaySafeCard, or Ukash):

Norway: KRIMINALPOLITISENTRALEN - OBS! Nelefonen din har blitt blokkert av sikkerhetsmessige grunner nevnt nedenfor.
Finland: POLIISIHALLITUKSEN - HOUMIO! Puhelin on lukittu turvallisuuden vuoksi allamainittujen syiden takia.
Australia: AFP. Crime Commision (ACC) - ATTENTION! Your phone has been blocked up for safety reasons listed below.

android ransomware targeting Finland Norway and Australia

USA: Mandiant U.S.A. Cyber Security FBI. Department of Defense - Your Phone has been blocked up for safety reasons listed below.
Spain: GRUPO DE DELITOS TELEMATICOS - Atención! Su teléfono ha sido bloqueado por razones de seguridad vistos los motivos abajo detallados.
Germany: - BUNDESPOLIZEI, GVU - WARNUNG! Zugang von Ihrem Telefon wurde vorläufig aus den unten aufgelisteten Gründen gesperrt.

android ransomware targeting USA Germany and Spain

Ireland: GARDA, The Guardians of the Peace of Ireland - Your Phone has been blocked up for safety reasons listed below.
Mexico: SSP - Atención! Su teléfono ha sido bloqueado por razones de seguridad vistos los motivos abajo detallados.
Netherlands: - ATTENTE! Uw telefoon wordt geblokkeerd om veiligheidsoverwegingen wegens de hieronder aangegeven redenen.

android ransomware targeting Mexico Ireland and Netherlands

Switzerland: FEDPOL. BundesKriminalPolizei - WARNUNG! Zugang von Ihrem Telefon wurde vorläufig aus den unten aufgelisteten Gründen gesperrt.
United Kingdom: PCeU, Metropolitan British Police - ATTENTION! Your phone has been blocked up for safety reasons listed below.
Poland: Polizja Biuro Służby Kryminalnej - Panska telefon zostal zablokowany ze wzgledow bezpieczenstwa z wskazanych nizej przyczyn.

 android ransomware targeting Switzerland United Kingdom and Poland

France: POLICE NATIONALE - ATTENTION! Votre telephone est bloque des raisons de sécurité suivantes.
New Zealand: New Zealand E-crime Lab - ATTENTION! Your phone has been blocked up for safety reasons listed below.
Portugal: POLICIA JUDICIARIA DE PORTUGAL - ATENÇÃO! O seu telefone esta bloqueado por razoes de segurança, pelas seguintes razoes.

android ransomware targeting France Portugal and New Zeland

Slovakia: Policajnehi Zboru - VAROVANIE! Vas telefon je uzamknuty z bezpecnostnych dovodov by z nasledujucich dovodov.
Slovenia: NACIONALNI PREISKOVALNI URAD - POZOR! Vas spletni telefon je blokiran iz varnostnih razlogov nizje.
Turkey: JANDARMA GENEL KOMUTANLIGI - DIKKAT! Telefon guvenlik hususunda asagidaki nedenlerle bloke edilmis.

android ransomware targeting Slovenia Slovakia and Turkey

Text presented in Koler Android ransomware virus:

Mandiant U.S.A. Cyber Security
FBI Department Defense
U.S.A Cyber Crime Center

ATTENTION! Your phone has been blocked up for safety reasons listed below. All the actions performed on this phone are fixed. All your files are encrypted. CONDUCTED AUDIO AND VIDEO. You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc.) You have violated World Declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of United States of America criminal law. The penalty set must be paid in course of 48 hours as of the breach. On expiration of the term, 48 hours that follow will be used for automatic collection of data on yourself and your misconduct, and criminal case will be opened against you. Amount of fine is 300$. You can settle the fine with MoneyPak xress Packet vouchers. As soon as the money arrives to the Treasury account, your phone will be unblocked and all information will be decrypted in course of 24 hours.

FBI Android ransomware virus:

Distributed using a fake Android application named “Porndroid”.

android porndroid app used for spreading FBI ransomware

Users who install this fake app are presented with a ransom-demanding notification (false accusations of viewing child pornography).

Screenshot of a mobile device locked by FBI Android ransomware virus (demanding a payment of $500 using MoneyPak):

android fbi ransomware

Text presented in FBI Android ransomware virus:


As a result of full scanning of your device, some suspicious files have been found and your attendance of the forbidden pornographic sites has been fixed. For this reason your device has been locked. Information on your location and snapshots containing your face have been uploaded on the FBI Cyber Crime Department’s data center. First of all, familiarize with the positions stated in the section “The Legal Basis of Violations”. According to these positions your actions bear criminal character, and you are a criminal subject. The penalty as a base measure of punishment on you which you are obliged to pay in a current of three calendar days is opposed. The size of the penalty is $500

Attention! Disconnection of disposal of the device or your attempts to unlock the device independently will be apprehended as unapproved actions interfering the execution of the law of the United States of America (read section 1509 - obstruction of court orders and section 1510 - obstruction of criminal investigations). In this case and in case of penalty non-payment in a current of tree calendar days from the date of this notification, the total amount of penalty will be tripled and the respective fines will be charged to the outstanding penalty. In case of dissent with the indicted prosecution, you have the right to challenge it in court. To make a penalty payment, go to section “Payment Penalties”.

Update - 14 September, 2015 - Another variant of this ransomware is capable of changing victims PIN for the lock screen. The malware itself is spread through fake adult videos which install a rogue application called "Porn Droid" on the victims device. After successful infiltration this malicious app gains Device Administrator privileges by tricking users into installing a fake update patch. After gaining the administrator privileges this ransomware presents it's victims with a fake message which supposedly was sent by FBI demanding to pay a fine of $500 for watching forbidden pornographic sites, moreover it changes the PIN lock of the compromised device. To remove the PIN lock users should reset their devices to factory defaults.

android pinlock changing ransomware

Update 13 April 2016 - A new ransomware called Sonorousness started attacking Android users. Cyber criminals are using a name Cyber.Police to trick mobile users into paying a fake fine for supposedly watching illegal pornography. This ransomware installs on victim’s device by impersonating an application that supposedly delivers porn media.

Screenshot of Sonorousness ransomware:

sonorousness android ransomware

Text presented in this ransomware:

CYBER.POLICE American national security agency

ATTENTION! YOUR DEVICE HAS BEEN LOCKED REASONS INDICATED BELOW. Remaining time to pay a fine. Otherwise the case file will be transferred to the court. All actions are illegal, are fixed. History query stored in the database of the U.S. Department of Homeland Security. To unblock your device and close your case you should pay a $200 file to Treasury account. Pay to unblock device with iTunes Gift Card. Your case will be closed immediately after the transaction processing! Avoid becoming a fraud’s victim! Evade the scams, that ask you to afford you iTunes Gift Card. Please, observe following rules for your safety: You mustn’t give your prepaid card number or your bank account details, till you are absolutely sure, that the person is conscientious. Remember, if somebody asks you to buy a iTunes Gift Card, it is a scam. Don;t show or report your iTunes Gift Card Code to anyone. Use only approved Apple partners.

Update 25 April 2016 - A new ransomware was discovered targeting Android usurer who file in Russia. This ransomware is being distributed using fake Android applications named “Домашний Порно Изврат”, “RootChecker” and “Porn Video HUB+”.

Here are some screenshots of Android ransomware targeted at users from Russia:

android russian ransomware sample 1 android russian ransomware sample 2 android russian ransomware sample 3

Fake applications (“Домашний Порно Изврат”, “RootChecker” and “Porn Video HUB+”) used in distribution of these ransomware infections:

android russian ransomware “Домашний Порно Изврат” android russian ransomware “RootChecker” android russian ransomware “Porn Video HUB+”

Ransom demanding message presented in this scam (accusing Android users of viewing child pornography, etc):

ВАШЕ УСТРОЙСТВО ЗАБЛОКИРОВАНО!За Просмотр запретного контента с элементами ПЕДОФИЛИИ, НАСИЛИЯ, ИНЦЕСТА, ЗООФИЛИИ и ГЕЙ-ПОРНО который строго запрещён Законом РФ загружены на сервер МВД,будет передано е прокуратору РФ в случае не оплаты штрафа,даже если вы разблокируете телефон самостоятельно! Причина блокировки обслуживания - посещение и просмотр запрещенных интернет ресурсов содержащие элементы порнографии с участием несовершеннолетних, элементы ПЕДОФИЛИИ, НАСИЛИЯ, ИНЦЕСТА, ЗООФИЛИИ и ГЕЙ-ПОРНО.  Для предотвращения открытия уголовного дела и возобновления доступа к устройству,удалению всех Ваших данных с сервера, Вам необходимо оплатить штраф в размере 1000 Рублей в течении 15 часов. Следуйте инструкциям для оплаты:
1. Найдите терминал сотовой связи для оплаты VISA QIW1 WА1[Е7. 2. Введите номер телефона + 79688220910 З. В поле коментарий введите код -В1)95284680 4. Оплатите 1000 рублей 5. После поступления оплаты Ваше устройство будет автоматически разблокировано и все данные удалены с сервера в течении 3 часов. Если оплата не поступит в течении 15ч, ВСЕМ контактам Вашего телефона, а так же ВСЕМ Вашим контактам социальных сетей будет отправлено смс сообщение, о том что на вас заведено уголовное дело за просмотр ДЕТСКОЙ ПОРНОГРАФИИ. Попытки разблокировать телефон самостоятельно приведут к ПОЛНОЙ БЛОКИРОВКЕ Вашего телефона, а видео с Вашим участием будет ВЫЛОЖЕНО в социальные сети и УоиТиЬе с пометкой ПЕДОФИЛИЯ.А так же все данные с Вашего телефона будут переданны в ПРОКУРАТУРУ РФ для возбуждения уголовного дела.
Проверить оплату

How to remove “Your device has been blocked” ransomware from an Android tablet of phone?

Ransomware notifications (that are impossible to close) are loaded from third party rogue applications. For example: BaDoink, VideoViewer, VideoPlayer, Network Driver System, Video Render, and PornDroid among many others. To eliminate the screen-blocking message, you must uninstall the rogue application which causes it.

Boot your Android device into Safe Mode:

1. Hold down the power button on your device.

2. In the opened notification window, long-press the "Power off" option.

booting android device into safe mode step 1

3. In the opened window, confirm that you wish to boot into Safe Mode by tapping "OK".

booting android device into safe mode step 3

4. When your phone or tablet reboots, you should see a "Safe Mode" watermark (at the bottom of the screen). Go to your device Settings menu, tap “Apps” or “Application manager”. Touch the application you wish to uninstall (which causes the rogue ransom-demanding message to appear on your device, for example, PornDroid).

Some newer Android devices boot into Safe Mode by holding the volume up and volume down button simultaneously when restarting.

To protect your Android device from these ransomware infections, disallow third party application installation. Go to “Settings”, select “Security”, scroll down and uncheck the “Unkown sources” box.

android disabling unknown sources app installation


Doing a hard core factory reset also helps. This happened to my sons phone, luckily I typed in his phone type and found walk - thru videos on how to get pass this harmful virus. So put in your phone type (Samsung, Android, Google, etc) then type in the search how to do a hard core factory reset. You could try a soft factory reset, though on my sons phone, it didn't work. Youtube has very helpful videos on this matter. His was called porn hub, I just did the hardcore reset and his phone works like brand new. How this information is helpful to someone else, this situation was scary! How I put the two together, it asking for a prepaid gift card. The FBI doesn't ask for money when situations like this happen. Which I did reach out to my local police station and told them what happened, which is what got me thinking about searching it up in the search engine and trying to figure it out myself. If anything, take it too your cell phone provider and see if they can assist you as well.

Madkill61501 Anonymous

problem im having is i cant restart my phone

Ashley Dawn Laws

I think I got the fbi screen off now it took me to a screen where I have to enter a pin to get into phone. Can anyone help with tha??? I'm on a Samsung galaxy 3

Wesley Drake

Mine doesn't even allow me to use my screen!!!! Help!!!!

Russell Cooksey

I have Samsung j3 Luna pro. Got it to safe mode, but my 4digit security code locking the screen has been changed. And not by me. What do I do now? Please someone help me. I need my phone info asap


I can’t find no safe mode nothing is showing up and after about 10 seconds it comes back, what do I do?

Seth Rieker

I got my phone to enter Safe Mode, but now I need a PIN to get in. The ransomware was PornDroid, if that helps

Kanisa Turnbo

I can not get to my settings in safe mode my screen is locked and it will not accept my pin.


it wont show the little menu that shows power off restart

QueenKaayy La

Its crazy because i got this phone years ago i have a different one now but i charged it so i can get an audio and bluetooth it to my new phone beforw something happened to it and when i did i was playing around on it looking at games i used to play and i clicked the internet on an accident and seen a porn website and i seen a picture of a man and a baby naked and it looked like he was about to rape it so i long pressed it to save it to the phone so i could share it and tell the world about these websites and how they need to be discovered and shut down it said to veiw video you need to download this app so i did and bam it took a picture of me and said it was going to contact everyone in my contacts and that i need to pay $500 in 3 days or im going to prison like sone made up fake stuff but now im stuck on this page and cant get off unless i pay $500 and im not doing that lol these hackers really want some money

QueenKaayy La

This just happened to me right now but my phone is stuck on one screen like all of this law stuff and i cant click home or even reset it so i cant do anything

Fran Ritchie

I have inadvertently started 'install' of this file on my phone. Stopped the phone by removing the battery as it won't respond to the off button. I have tried putting it back on and pressing the volume buttons but no safe mode appear, and the file just keeps trying to install (immediately after start up). Help! (I have anti-virus installed, but not sure I want to take a chance ...).

Samuel Frank Campbell

True That!

Samuel Frank Campbell

This is so true I wanted to give up so many times, thanks to reading this post I kept trying to focus first on getting into safe-mode finally I kept holding the volume up and down key at the same time wallah I was in, from there I went straight to settings and applications manager found the last download I had no doubt it was the corrupt application uninstantiated it along with a few other applications I don't have time to use, and Rebooted to get out of safe mode. The chat line wanted to charge something like $59.00 pay up front guaranteed to work. Doing the homework! Feels Good, High Five! Thank You! ~ Samuel F Campbell

Mark Rhoderick

i have a samsung galaxy s6 and i can't get the power down pop up window to show up i have been holding the power button for ages but nothings happening, what do i do?

Mart de Jong

I'm using a Samsung galaxy S6 and I can't turn off my phone to get it into save mode!!!!

Ron Miller

When i hold everything down on my phone it wil reboot it but it never goes into safe mode and i still have the problem.

Mya Babbie msp

I did the following but when i tapped the porndroid porn hub thing it would not let me uninstall it please help me!

Adam Alvarado

I have a tab a galaxy tablet that has a block fbi virus and won't shut off or anything what can I do


That means the ransomware was in an app you installed yourself so.. be carefull


All it says is just uninstall the device(photoviewer, badoink, or porndroid) "in apps"and uncheck the "unknown sources" which is in the security and all this is in settings, but also you will have to reboot to safe mode. Thank you person who made this blog, you really helped if my mom and dad found out they would of kill me so thix.:)

Christine Hunter

I have a Samsung Note 2. I removed this easily last time it happened by the above method but this time uninstall is not highlighted. I tried going into system /security/device administrator and I activate it but it doesnt bring up a list of viruses fir me to check and system update remains unhighlighted and I cannkt uninstall please help


Okay, so my phone is an UK Samsung Galaxy III and the Police Virus appeared on my phone around 2 hours ago. You know, with the whole: “ATTENTION! Your phone has been blocked up for safety reasons" thing. My advice would be to scroll down these comments and read this article above. It saved my phone, absolutely.
1. So first you'd power down. (Hold the power button remove battery, etc)
2. Then you'd restart (press power button again, insert battery again, etc)
3. Whilst restarting you'd hold down the 'lower volume' button until you're phone would restart with a 'Safe Mode' feature at the bottom.
4. Then you'd go to Settings~ More~ Application Manager~ All
5. And then you'd scroll down the page until you'd find the 'System Update'~ 1.13 MB app. UNINSTALL THE DAMN THING IMMEDIATELY.
6. Et voila!
(I hope this helped, honestly. And another big thank you to 'Mike' on the comments for helping me.)


Thank you so much!!!!!! You have no idea how long I spent searching for the blasted app, and because of you I've found it! Thank you again!

lissa bridge

I cant get my phone in safe mode it comes up with manual and u use volume key to select but no option gor safe mode. I have a galaxy a3. My message cones up only in the internet browser asking for mobey, saying its blocked and ive commited an offence. Please help

David Molina Jr.

My app is the same but it is set as administrator and i cant take it off. I try to take it off so it wont be administrator but the safe mode thing turns off


Yes I saw it on my S3 too ! I didnt unistall it but its gone leats I know what to uninstall when it will happen again :D


My android phone just got hit with this virus today. It freaked me out at first because I wasn't aware of it. The whole "pay us $200 in iTunes gift vouchers" thing gave it away as unofficial though.
Thanks for the comments on this site because it helped me know how to get rid of the virus. It was called "System Update" on my phone, but had a different icon as can be seen on the image I've included.

I'm on a Galaxy S3 and got into safe mode by holding the volume down button when the animated samsung logo appeared.

Thanks again


I love you internet

Jack Marascio

jack from brooklyn ny would like to thank you
my acer iconia tab had the security virus
i followed your steps and the virus is gone
in apps mine was security update

thank you

Apple jack

This is the only site that helped me since the cyber.police police virus got on my mom's tab 2 and it was taking me a while on how to go in to safe mode and this site helped me with that and with finding the virus app. The comments helped me figure it out after uninstalling a bunch of apps and you guys made me realize it was security update which I would have have never thought of without reading these comments. Thanks so much everyone.

Becky Mantle

what next will it be safe after this and it was under system update aswell.


"To protect your Android device from these ransomware infections, disallow third party application installation. Go to “Settings”, select “Security”, scroll down and uncheck the “Unkown sources” box."....My Galaxy Note 10.1 was infected even though this box was already unchecked....Was easy to get rid of though....I would love to get my hands on one of you hackers


Thanks a lot.. I got "Systém Update" as well on Galaxy Tab 2 and it was possible to unistall directly from safe mode through settings -> apps -> downloaded...


Thanks very much for the advice. I was able to access safemode and remove the virus from my Galaxy Note 10.1. FYI my app was called 'System Update'. Rebooted and the tablet is fine.


Go on settings > security > system administration. You will see a list, you need to untick the virus as it has admin over your phone currently. It may be under a different name but once deautherised you can delete,


thank you God bless you


John... thanks for this advice... it got me into the safe mode and I deleted systems update which has worked the trick. Once again thanks for sharing


tnx for replaying this virus installed an xxvideo app that i cant uninstall it

Sue Wright

i was just hit with the virus im holding the power button down but the fbi screan is still there and i cant see the power off screan what do i do


I woke up this morning, and couldn't get access threw my phone. I was so worried like what the HELL just happened. thanks to this website it helped me get threw it. I tried pressing long on the power off button, but it didn't work for my type of phone, however, i tried holding on the volume down button and it worked. thanks to u again

keith hope

Hi my name is keith and I had a malicious virus on my Samsung Note 2 . thanks to your advice I at last managed to erase the culprit after several hours of pulling my hair out!! you are a star!!!


Imy still not sure how to do this I went to application manager but I don't know what to do from there if I get on something it says I can Uninstall updates but I can't get rid of it and this is on Samsung galaxy s4 please help I need to get back into my tablet I have very important stuff to take care of. And if you help thank you and thank you anyways for this advice.


I Stupidly paid the money as could not see anything to show that it wasn't legit! until I could get back on the web! that's money down the drain!!!


Yes my husband has had this happen to him 3 times on hs cell whoever is doing this needs to spend time in prison for scamming and falsely accusing someone of porn that is not looking at. How did they get my husband's pic when there isnt any on his phone?


System Update was the culprit on my case too. Thanks for this.



So. . . this happened to me this morning. I'm in the U.S. and using an older Pantech droid. Got the scary FBI- looking-msg of "Pay Now. Your phone is locked" etc. etc. Turned off the phone, took the battery out, turned it back on. Nope. Message still there. (Repeat. Feeling more and more panic coming on).

I contacted my Verizon service provider, but, ultimately they said I should probably call Tech Support. I called one of the local outlets to see if they assist with getting rid of viruses and they told me a) maybe get a new phone - (of course. And I don't want that option) or b)it may have to come down to them doing a Factory Reset - which would delete everrrrryything. Okay. I decided I would keep that as my last option. I just want to use my dumb, simple little phone again.

So, I turned off the phone and did some online searching on the office PC. But after reading all sorts of articles, nothing really made me feel confident that I'd be able to get rid of this thing - - I'm not really tech-savvy. (Er, hence the older model of phone).

Anyway, I figured out how to do the Safe Mode thing (on mine, when I decided to turn on the phone again, I kept pressing the Volume key down and that's how I got to Safe Mode. Those two words appeared on the bottom right of my screen).

So, the culprit wasn't visible at first. But, as I still delete cache and cookies from individual apps, I was able to single out one app that simply didn't belong, and yes, it disguised itself as a 'Security Update' or something akin to that nature. It didn't have the little droid guy next to it, but, instead it almost looked like an Eye. Not kidding. I uninstalled that piece of junk STAT and hoped for the best. Then I turned off my phone, waited a bit, took a deep breath before turning it back on annnd - - -

Voila! Things seem normal!! (Sure hope they are).

THANK YOU THANK YOU to all the Internet Army who go online and try to help others like me in this situation. Viruses and the awful people who make and send them are just evil.

Good Luck to everyone else out there - - there's hope!!

Julia Themelis

hey, how exactly did you do it on the s2?? i've been trying to figure it out for hours, thanks

Aaron Lowe

Happened on my Samsung S2. Uninstalled "Systems update" fixed the problem thanks. I was just about to storm to the police station and yell at the police lol

stuart hitchens

I recently installed an app on my phone which used clickjacking ransomware to gain admin access and now I cant unadmin it no matter how much I click deactivate. Help!

About the author:

Tomas Meskauskas

I am passionate about computer security and technology. I have an experience of 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an editor for since 2010. Follow me on Twitter to stay informed about the latest tech news or online security threats. Contact Tomas Meskauskas.

Our guides are free. However, if you want to support us you can send us a donation.