Koler targets Android OS and spreads via infected websites and SMS messages designed to trick recipients into clicking on a malicious link hidden behind a URL shortener. It blocks the device screen with a persistent window showing a fake law enforcement warning and a demand for payment in the form of MoneyPak prepaid debit cards. Despite ransom note claims, Koler does not actually encrypt any files on the device.
UPDATE 6/24/2017: A new Koler campaign aimed at U.S. Android device users surfaced in late June 2017.
- Information on how to remove Koler from an Android device can be found here.