Cheshire Police Ransomware

May 8, 2013

I was recently called by a customer whose computer had been totally locked by the “Cheshire Police Ransomware Virus”.  After starting the computer the normal desktop appeared for a few seconds and then the whole screen was filled with this:

[Image: Cheshire Police Authority ransomware lock screen]

You could do nothing as the mouse and keyboard no longer worked.  The same happened if you booted into Safe Mode which is often used for troubleshooting.  The “Cheshire Police” screen claimed that the computer had been used for illegal downloads, child pornography …. The user had been very naughty!  A fine of £100 was demanded to unlock the PC.

Fortunately, I was able to remove the infection by booting the computer using a Puppy Linux disk, which bypasses Windows but lets me look at the hard drive.  By hunting around, I was able to find the offending files and delete them.  I was then able to successfully boot into Windows and run some further scans to make sure that the computer was clean, and everything was back to normal.

The infection is created by hackers who really know their stuff!  They unfortunately know how to bypass most of the usual antivirus programs.  Even so, it is very important that you keep your computer up to date.  Allow all Windows updates to install.  Update things like Flash Player, Java and other applications you have installed.  Uninstall programs you don’t need.  Many of you probably don’t need Java.  Uninstall it.  Web pages that need it will tell you anyway.  You can always download and install it again for free.