Remove LeakerLocker ransomware / virus (Virus Removal Instructions) - Tutorial

Removal by Lucia Danes | Type: Malware

LeakerLocker – Android malware that was spotted spreading in Google Play

LeakerLocker is a new variant of Android ransomware that has been spotted spreading via two apps in the Google Play store – “Wallpapers Blur HD” and “Booster & Cleaner Pro.” This mobile malware[1] cannot encrypt files, but it threatens to leak the victim’s sensitive information if he or she does not pay a ransom of $50 within 72 hours.

The LeakerLocker virus locks the device’s screen and displays a pop-up window as soon as the user downloads one of the infected apps. The message claims that the malware holds the following information, which will be sent to every phone and email contact unless the criminals receive a “modest ransom” within the deadline:

  • Personal photos;
  • Contact numbers;
  • Sent and received SMS;
  • Phone calls history;
  • Facebook messages;
  • Chrome visits history;
  • Full email texts;
  • GPS location history.

The crooks claim that all the personal data has been transferred to their secure cloud, so deleting the LeakerLocker ransomware won’t protect personal files and data. However, these words might be just a scare tactic used by cyber criminals in order to collect as many ransoms as possible. Therefore, you should not rush to click the “Procceed” button and make the transaction.

No one knows whether the crooks copied your files, whether they can publish this data, or whether they will keep their word once they receive the ransom. Research has shown that the malware can access particular data by communicating with its Command and Control (C&C) server. However, the situation does not seem to be as the crooks want you to believe.

What is more, even if you pay the ransom, they might ask for more money later. The demanded $50 might be just the beginning of the swindle. Thus, it’s better to remove LeakerLocker from the Android device and hope for the best.

LeakerLocker removal requires not only uninstalling the malicious apps but also checking the system for other suspicious components. This task might be complicated, so we suggest the automatic elimination option using mobile-friendly security software, for instance, Reimage Cleaner Intego.

LeakerLocker threatens to leak sensitive data if a victim does not transfer the ransom within 72 hours.

Two malicious apps were available on Google Play store

This version of the Android virus spread via two apps in the official store:

  • Wallpapers Blur HD;
  • Booster & Cleaner Pro.

Researchers reported these apps, and Google removed them. However, they might still spread through unofficial download websites or stores. By the time the McAfee research team discovered LeakerLocker,[2] these malicious apps had already been downloaded thousands of times.

According to the analysis, “Wallpapers Blur HD” was downloaded 5,000 – 10,000 times. Meanwhile, the installation count of “Booster & Cleaner Pro” is smaller: this malicious app was downloaded only 1,000 to 5,000 times. The latter app has a pretty high rating, but judging from the user reviews, it’s clear that they are fake.

“Wallpapers Blur HD” users, however, note that the application requires access to irrelevant data, for instance, contacts, call logs or SMS. We want to point out that it’s important to read the authorization agreements before installing an app.

If your chosen application asks for lots of information that is not necessary for its operation, you should not give it access to such data. In this case, it’s obvious that a wallpaper app does not need access to your contacts in order to operate.
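The permission check described above can be automated. The following is an added example, not part of the original article: it parses text in the layout of `adb shell dumpsys package` output and flags apps that request several permissions covering the data categories named in the ransom note. The package names, the sample dump and the threshold of two are constructed assumptions.

```python
import re

# Permissions that expose the data categories listed in the ransom note.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "SMS",
    "android.permission.READ_CALL_LOG": "call history",
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
    "android.permission.READ_EXTERNAL_STORAGE": "photos/files",
}

# Constructed sample in the `dumpsys package` layout; package names are hypothetical.
SAMPLE_DUMP = """\
Packages:
  Package [com.example.wallpaper] (1a2b3c):
    requested permissions:
      android.permission.INTERNET
      android.permission.READ_CONTACTS
      android.permission.READ_SMS
      android.permission.READ_CALL_LOG
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.example.notes] (4d5e6f):
    requested permissions:
      android.permission.READ_EXTERNAL_STORAGE
"""

def requested_permissions(dump):
    """Map each package to the names in its 'requested permissions:' block."""
    result, pkg, in_block = {}, None, False
    for line in dump.splitlines():
        m = re.match(r"\s*Package \[([^\]]+)\]", line)
        if m:
            pkg, in_block = m.group(1), False
            result[pkg] = []
        elif line.strip() == "requested permissions:":
            in_block = True
        elif in_block and pkg and re.fullmatch(r"\s+[\w.]+", line):
            result[pkg].append(line.strip())
        else:
            in_block = False  # any other line ends the block
    return result

def flag_apps(dump, threshold=2):
    """Return {package: [data categories]} for apps at or above the threshold."""
    hits = {pkg: [SENSITIVE[p] for p in perms if p in SENSITIVE]
            for pkg, perms in requested_permissions(dump).items()}
    return {pkg: cats for pkg, cats in hits.items() if len(cats) >= threshold}

if __name__ == "__main__":
    print(flag_apps(SAMPLE_DUMP))
```

A flagged app is a candidate for manual review, not proof of infection: messaging or backup apps legitimately request the same permissions.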

It’s unknown which countries have suffered the most from this mobile malware. According to initial data, the United States, Canada, and the United Kingdom[3] might be at the top of the list.

Uninstall LeakerLocker from your Android smartphone

Undoubtedly, LeakerLocker removal requires uninstalling “Wallpapers Blur HD” and “Booster & Cleaner Pro” from the phone. However, we also highly recommend scanning the system with security software and eliminating all malware-related components entirely.

However, malware can block Reimage Cleaner Intego or your other preferred security software. In this case, you may need to restart your Android device in Safe Mode by following these steps:

  1. Press the power button and hold it until you see a menu. Click on the Power off option.
  2. You will receive a dialog window that asks to reboot the device to Safe Mode. Click OK.

If you cannot reboot your device or remove LeakerLocker manually, please check the manual Android removal instructions.

Back up files for later use in case of a malware attack

Computer users can suffer data loss due to cyber infections or their own mistakes. Ransomware can encrypt files and hold them hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have a previous version of every important document or project, you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Lucia Danes - Virus researcher