Ransomware

October 31, 2012

Recently a customer called me as his computer had been locked by an infection showing the screen below:

[Image: Ransomware]

As the screen was locked, I had to use my camera phone to take the image.  It claimed that the PC had been locked because of detected illicit activity and demanded payment of a fine of £100 within 48 hours to release the PC.  There were instructions about how the fine could be paid.

There was no response to the keyboard or mouse and so the only way out was to press the power button until the computer shut off.  On re-booting, the computer was fine.  It had Kaspersky Internet Security installed and had all of its Windows, Java and Flash Player updates.  This did not stop the initial lockdown of the PC but in the meantime the Trojan that caused the problem was deleted by Kaspersky.  On re-boot it had gone.

A few days earlier I had dealt with a similar problem where the computer was left infected and it took a lot more work to clean up.  In this case the PC was loaded with Microsoft Vista but had no Service Packs and was grossly out-of-date.  Furthermore, the Norton Internet Security had expired and was also out-of-date.  Java was out of date and so it went on!

The moral of the story is to always allow Windows updates to install, have a good security suite such as Kaspersky Internet Security running and keep features such as Java, Flash Player and Adobe Reader up-to-date.  Then you have a good chance of surviving attacks like this quite easily.  Whatever you do, DON’T PAY THE CRIMINALS!