Visiting certain websites, such as pornography or streaming services, may also trigger its installation. Once installed, the ransomware hijacks your device and locks it. At this point, it will demand payment to restore the device, often masquerading as national law enforcement to scare you. 

Within Australia the virus may present itself as the AFP, State Police, or your state transport department, claiming you owe unpaid fines that you must pay to unlock your device. It may also accuse you of storing and viewing banned pornographic material that you must pay to have removed from your device. This form of the virus is known as the Police Virus, but it is important to note that authorities will never use screen lockers to collect fines from you. 

Detecting mobile phone ransomware 

It can be difficult to detect this form of ransomware since it is usually installed without your knowledge. It is not until the app locks the phone and demands a ransom that you may even be aware that there is a virus on your phone. 

The answer is to detect suspicious URLs and apps prior to executing the malware. This can be achieved by ensuring your settings are set to ‘verify apps’ with the user prior to installation, and to avoid any suspicious links whose origins you aren’t sure of. 

Preventing mobile phone ransomware 

There are a few steps you can take to make sure that your phone stays virus free 

  • ‍Install reputable antivirus and malware programs on your phones and run scans regularly. 
  • Avoid sites with questionable reputations and be aware of what you are purchasing/installing on the app stores. 
  • Read app reviews where available before you download the app and take note of complaints. 
  • Backup your phone data to a cloud service or another device so recovery may be possible. 
  • Regularly update your mobile phone’s software. 
  • Check your phone’s security settings are set to disallow third party application installations from unknown sources. 

Responding to mobile phone ransomware 

If you have been infected with this virus, you can do the following to unlock your Android phone and minimise damage: 

  • ‍Boot your phone in Safe Mode by holding down the power button, then long-pressing the ‘Power Off’ option. (This varies with devices so check your phone manual if you are unsure). 
  • When the device reboots, you should see a ‘Safe Mode’ watermark. Go to your device settings menu and access your apps manager, and uninstall the rogue app. This should remove it from your system, and you can reboot your phone out of safe mode. N.B.: This may not work for all instances of infection. 
  • For iOS (Apple) users contact your local Apple service provider. 
  • If you have concerns about your personal information contact IDCARE

Identity Care Australia & New Zealand Ltd (IDCARE) provides identity and cyber security incident response services (the Services) in accordance with the following disclaimer of service:

IDCARE is Australia and New Zealand’s national identity and cyber incident community support service. We are a not-for-profit charity.

  • The Services provide do not constitute legal advice. IDCARE recommends that you consult a solicitor in relation to your legal rights and obligations, including but not limited to your legal rights or obligations under Australian and international privacy and data protection laws.
  • While every effort has been made to ensure the accuracy of the information in this product or service, to the maximum extent permitted by law all conditions, terms, representations, and warranties (in each case, whether express or implied) in connection with the provision of the Services which might otherwise be binding upon IDCARE are excluded.
  • IDCARE’S liability for any loss or damage suffered by any person or organisation (including, without limitation, any direct, indirect or consequential loss or damage) arising out of or in connection with the Services (including without limitation liability for any negligent act or omission, or statement, representation or misrepresentation of any officers, employees, agents, contractors or consultants of IDCARE) shall be limited to the fees paid by you to IDCARE in respect of the Services. For the avoidance of doubt, this limitation of liability extends to any liability arising from any actions performed or not performed as a result of any recommendations made in course of providing the Services.
  • The Services provided by IDCARE are intended to be provided solely to the initial recipient of this document or service and IDCARE will not be liable to any other person who may receive this document.

While every effort has been made to ensure the accuracy of the information in this alert, IDCARE disclaims any liability to any person in respect to any actions performed or not performed as a result of the contents of the alert or any accompanying data provided. Wider dissemination may be permitted by authority in writing from IDCARE’s Managing Director. If you would like to provide feedback please use our Feedback Form.

Other fact sheets

Our Fact Sheets offer important information on how to prepare, prevent, detect and respond to Identity theft and other cyber related issues.
Dealing with Debt Collectors

Debt collectors work to collect debts on the behalf of business and government.

view fact sheet
Theft of your Identity Documents

Identity theft is a type of fraud that involves the theft of someone’s personal information.

view fact sheet
Suppressions - New Zealand

When a suppression is put in place it basically ‘freezes’ access to your credit file.

view fact sheet

Success Stories!


IDCARE is here to provide you with specialist support and guidance when faced with a cyber and identity related issue. Contact one of our Identity & Cyber Security Counsellors to learn more about our Support Services and how we can help you.   
Call IDCARE Icon


1300 432 273
Mon - Fri : 8am - 5pm AEST

Call IDCARE Icon


0800 201 415
Mon - Fri: 10am - 7pm NZST