A pop-up screen accused the phone owner of accessing illegal pornography or pirating music and could not be removed.
However the ransomware was fake - and clearing the browser cache was actually enough to restore full access.
It ran on JavaScript, a code commonly employed by many websites.
The attackers demanded £100 in the form of an iTunes gift card with the code sent via text message to a designated mobile number, said security firm Lookout in a blog about the malware.