How to Use Avast's Ransomware Removal App
UPDATE 6/24/2014: An Avast representative says Avast Ransomware Removal detects more types of Android ransomware than just Simplocker.
Has your Android phone been infected with Simplocker or another type of encrypting ransonware, which infects Android phones and then encrypts files so that you can't access them? Avast Ransomware Removal might be the answer. The free app, from Czech security company Avast, can disable Simplocker or similar types of malware and get your files back for you.
Simplocker is the first true Android crypto-ransomware, but it won't be the last. In addition to blocking other apps, including the phone's Settings and Google Play Store apps, by displaying an obnoxious lockscreen message, Simplocker also encrypts the media files stored on the infected device's SD card. Avast Ransomware Removal eliminates the message screen and decrypts the encrypted media files.
Typically, if something is encrypted well, there is virtually no way to decrypt it without the encryption key (a sort of password that unscrambles encrypted files). However, Simplocker stores those encryption keys within its code.
"Avast reverse-engineered the key and put it inside our app," an Avast representative told Tom's Guide.
But don't download Avast Ransomware Removal unless you're already infected with ransomware. When the Avast Ransomware Removal app is installed, it constantly seizes focus -- or displays on top of everything else -- so as to cut in front of the ransomware's lockscreen message. That makes a phone just as unusable as it would be with Simplocker.
But if Simplocker blocks access to the Google Play app, how can you download Avast Ransomware Removal when you do need it? The trick is to download Avast Ransomware Removal remotely, via a computer. Here's how.
UPDATE 6/24/2014: An Avast representative told us that, in its current form, Avast Ransomware Removal detects "most" Android ransomware, not just Simplocker. However, it does not detect the ransomware known as Koler.A. Avast says it will continue to update the app as new ransomware threats appear on the Android platform.
1. In a browser window, navigate to the Google Play Store from your computer.
2. Click the Sign in button in the upper right if you aren't already signed into the same Google account as your Android device. If you are, skip to step 5.
3. Enter your Google email address and password.
4. (Optional) Enter your temporary second password, if you have two-step verification enabled.
5. Go to the "Avast Ransomware Removal" Google Play page by typing it into the search bar or clicking this direct link.
6. Click on the green "Install" button beneath the app's name. It will read "Installed" instead of "Install" if you have previously installed it on your phone.
7. In the pop-up that appears, make sure the correct Android device is selected in the dropdown menu (if you only have one device linked to your Google account, this will be the only one listed) and then click "Install."
8. Click "OK" on your computer screen.
9. On your Android device, go to your Notifications section and tap on the one that says "avast! Ransomware Removal." (The Notifications screen should be accessible even with a Simplocker infection. On most Android devices, such the Samsung Galaxy S4 used in this tutorial, the Notifications section is accessed by swiping your finger downward from the top of the screen.)
The app will launch and begin scanning your device for Simplocker and any files that have been encrypted by it. During this time, you will not be able to access any of your other apps. You can tap the "Home" button to return to your phone's home screen, but tapping any other app icon will relaunch the Avast Ransomware Removal screen.
10. Once the app is finished removing any Simplocker ransomware, tap the orange "Uninstall" button that appears at the bottom of the screen.
11. Tap "OK" in the following popup, and Avast Ransomware Removal will uninstall itself, so you can go back to using your phone normally.