
Don’t be fooled by the ransomware scam


It begins with a scary-looking pop-up on your computer, and it could end with you having to fork out hundreds of pounds to get your files back. Have you been hit by the ransomware scam?

Ransomware is a scam that’s designed to scare. When it infects your computer, it blocks you from accessing it, or even encrypts your files. Worst of all, it does so under the guise of authority.

We’ve heard from Which? members who’ve seen pop-up messages purporting to be from local police forces, accusing them of carrying out illegal activities on their computer. The virus then warns that unless an on-the-spot fine is paid, they’ll lose the use of their PC altogether.

An example of the ransomware scam

Mike Jones was just one victim of this growing scam. He was watching a video on YouTube when his computer screen suddenly displayed a message claiming to be from the local police. The message said he’d been using the web illegally and that he faced time in prison unless he paid a fine. Mike comments:

‘Obviously, I thought this was a scam and I got in touch with the police force to ask what I should do. They took me through the right steps, and we got rid of it, but I had another message a few months later. It was a pain more than anything else, and frustrating.’

Thousands affected by ransomware scams

According to the National Fraud Intelligence Bureau, there were more than 7,000 cases of ransomware fraud reported in the UK between April and September 2013.

But this figure only indicates victims who contacted the authorities. The National Crime Agency says millions of Britons have been targeted and risk losing their data to hackers.

The criminals behind these viruses are turning the screw, with one recent version, CryptoLocker, even encrypting victims’ files. You’re charged for a key-code to decrypt the scrambled data, and without this, your photos, documents and music can’t be opened. In short, it’s old-fashioned extortion with a modern, digital twist.

Don’t pay the ransom

CryptoLocker is unusual in that security forums say people who have paid up have been able to restore their files. According to experts monitoring the CryptoLocker attacks, the crooks have been honouring their side of the bargain.

Yet, quite rightly, officials say you should never pay a computer ransom, mainly due to fears that paying will encourage more attacks and that the money could be used to fund other criminal activities.

Even if things feel desperate, there are steps you can take to remove the virus from your system. By booting up in Safe mode, you can restore your PC to an earlier point in time, then run an updated virus scan to clean your system out.

The best defence of all is to keep your security settings watertight by making sure your software is always up to date. It’s always a good idea to keep your most important files backed up on a hard drive or online in cloud storage, so if a virus attacks your PC, you’ll have vital backups in place. You can get detailed advice on how to spot and remove ransomware here.

Have you been hit by the ransomware scam? What did you do?

Comments
Member
william says:

Sadly yes, it’s happened to one of my PCs. After the initial 20 secs shock of what the he!! have I done to get that. Within 20 mins I’d cleaned it off. Doing it manually does give a nice sense of achievement though. This was a few years back before they started encrypting files.

I then replaced that pc with the replacement I’d had in its box for 6 months that I’d been putting off, which has MSE running all the time on it.

Member
Alistair says:
24 January 2014

Singularly unhelpful if you own a Mac. I expect Which? to do better than this. Most of us are not computer savvy and need to be directed to a site where we get good instructions along the lines of what William did to fix his computer. Do we know where this scam comes from? Is there nothing our great leaders can do to protect us from these people? I despair.

Member
dave says:

You don’t need to worry about Cryptolocker on Mac, at least not yet.

Member

I had this recently, supposedly from Cheshire Police. Puzzlingly, apart from the pop-up page nothing seems to have happened. I have Norton antivirus installed but it doesn’t seem to have registered catching anything at the time it happened. I’ve scanned the computer with Norton and other products and found nothing. No files have been locked, encrypted or deleted – very strange!

Member
kvet says:

I had trouble with the police ransomware scam. I got round it easily enough because my wife is a separate user and I used her site and the “restore” program to go to an earlier setting. It seemed to work well enough without any data loss.
Microsoft’s antivirus Security Essentials is very effective, but strangely enough their antimalware is pretty hopeless, so having read about it on the BBC website I tried Malwarebytes antimalware. The trial run was so effective I paid £20 for a lifelong licence. It blocks malware in real time, and supposedly is the only effective protection against Cryptolocker.

Member
dave says:

Which? advises keeping backups on hard drives but Cryptolocker will encrypt those too. Be sure to disconnect external hard drives from your PC after taking backups.

Backups should be safe in the cloud but not many of us will find it cost effective or practical to back up all our data – movies, photos, music, etc. – to cloud storage.

Member
Mike McCourt says:
30 January 2014

I have an external hard drive to back up my PC and it is only connected to the PC when I do a backup.
That way I can (hopefully) ensure the backup drive remains virus free. Hope this helps.

Member
mark says:

Backup, backup, backup! It’s not just a “good idea” to back up your files, it’s absolutely essential. Make lots of backups to different destinations, cloud, external HDDs, writable DVD/Blu-rays etc. You can lose data at any time for lots of reasons, not just due to a virus/malware.

CryptoLocker only affects Windows AFAIK but everyone should be vigilant. CryptoLocker usually spreads by fake email attachments. Therefore never open an attachment, even if it appears to be from a friend, unless you are 100% sure it is genuine. Microsoft actually makes it easier for this scam to work by hiding file extensions by default. The first thing you should do is change this setting so you can see what email attachments actually are.

A virus scanner is useful, but it won’t pick up all malware. They will take time to detect new programs.

Finally, since CryptoLocker encrypts data files and not system files, running a system restore, as the Which guide suggests, will not help. In fact do NOT follow the Which instructions at all.
If you think you may have this virus I would recommend powering down your computer immediately, removing the hard disk and taking it to an expert. If you power it up and run an antimalware scan the CryptoLocker program could be encrypting more files and making the situation worse for you.
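
Added example (not part of the comment above or of the Which? article): a small Python check that flags attachment names whose real, final extension is executable while the name Windows displays with extensions hidden looks like a document. The extension lists and sample file names are constructed for illustration.

```python
import os

# Extensions Windows will run or script directly (common set, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".js", ".vbs", ".wsf", ".hta", ".lnk"}
# Extensions a recipient reads as a harmless document, picture or archive.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx",
                 ".jpg", ".png", ".txt", ".zip"}


def shown_with_extensions_hidden(filename):
    """Name Explorer displays when known extensions are hidden (the default)."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename


def check_attachment(filename):
    """Return (verdict, reason); verdict is 'ok', 'warn' or 'block'."""
    stem, ext = os.path.splitext(filename)
    ext = ext.lower()
    if ext not in EXECUTABLE_EXTS:
        return ("ok", "final extension is not executable")
    inner_ext = os.path.splitext(stem)[1].lower()
    if inner_ext in DOCUMENT_EXTS:
        shown = shown_with_extensions_hidden(filename)
        return ("block", f"displays as '{shown}' but is really a {ext} file")
    return ("warn", f"executable attachment ({ext})")


def triage(filenames):
    """Map each attachment name to its verdict."""
    return {name: check_attachment(name)[0] for name in filenames}


# Constructed attachment names, for illustration only.
SAMPLE_ATTACHMENTS = ["holiday.jpg", "Invoice_2014.pdf.exe",
                      "Report.DOC.SCR", "setup.exe", "archive.tar.gz"]

if __name__ == "__main__":
    for name in SAMPLE_ATTACHMENTS:
        verdict, reason = check_attachment(name)
        print(f"{verdict:5}  {name}: {reason}")
```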

Member
Paul says:
26 January 2014

I had one saying it was from Cheshire Police. I could not close the pop up. I closed Firefox which I was on at the time. When I went back on Firefox the pop up was back. I have CCleaner on my computer so I switched off Firefox and ran CCleaner and when I went back on Firefox it was gone.

Member
MikeD says:

I have not come across anyone that has actually lost data having received the pop-up in question. It happened to me a month ago and is obviously a scam as no files were ever locked (or wiped) and my AV software which has real-time protection did not react.

I note that Which quote ‘security forum’ users saying they have been victims of ‘CryptoLocker’ and those that paid up had their files released. I doubt they were ever locked in the first place. Where is the REAL evidence for this? There will always be users faced with the threat of action from the police (where the web page looks very realistic and even shows the genuine logo of their local police force) that will just pay up anyway regardless of any assumed threat to their data.

As for the Which user that called the police, I would love to know who he spoke to. When I had a case of criminal fraud associated with a debit card, the police said I should take it up with the card issuer as they had no time for investigating ‘individual cases’. I find it very difficult to believe that they would have time to help one victim of an obvious scam let alone remove infected code which did not exist anyway.

Member

One of my friends got this warning on her Mac yesterday.
I wasn’t around at the time so she asked a local repair shop to fix it.
I don’t know for sure what the fix is but I found the following links interesting:
https://blog.malwarebytes.org/fraud-scam/2013/07/fbi-ransomware-now-targeting-apples-mac-os-x-users/

This describes the FBI ransomware but I’m assuming the Police one is from the same family.

This link describes the Cheshire Police version but has a similar fix:
http://laptapos.com/ransomware/how-to-remove-cheshire-police-virus-from-your-browser/

From reading these it looks to me like the infection on a Mac is only in the browser (so no Cryptolocker).

I would also have thought that if you get this ransomware from visiting a website you should report it to someone (Google perhaps). However I do not know (and have not found from my searches so far) how exactly you go about this.

Member
devilix123987 says:
1 June 2015

I have this virus on my tablet, how can I remove it? I can’t find anything online :/

Member
angry jon says:
5 June 2015

This is an absolute liberty. I downloaded an app which was really some other app hidden. Without concentrating I pressed install, by which time it was too late. It screwed up my S3, and no matter how hard I tried to do anything it blocked me, and when I tried the safety mode it didn’t give me an option. How I got to delete the app was by holding the power button down until it went off, then holding both sides of the rocker volume down constantly until it fired up, and thankfully it fired up in safety mode, which let me delete the hidden app. Anyway, hope this helps Samsung users.

[This comment has been edited because some visitors may find some of the language offensive and abusive. Please have a read through our commenting guidelines. Thanks, mods]

Member
Pj says:

Hi, could you tell me what app you deleted? We can’t find any which look suspicious.

Member

switch your computer off then switch on…. no problem

Member
Colinm19 says:

Watching a YouTube video and randomly it comes up and says that I have been watching child pornography and that I had been fined £100,000 and I have to pay immediately. I panicked for about 5 secs then remembered some stories about this very thing.

I switched my laptop off then switched it on again and ran a scan; nothing was detected. Finally ran a malware scan and it deleted a few infected files.

Member
duncan lucas says:

On 6-2-2014, in operation Game Over, the FBI disabled the original CryptoLocker, but since then a variant has appeared, still calling itself CryptoLocker but really known as Torrent Locker. It used to be possible using Shadow copy files to re-instate your files, but now they are wise to that and use vssadmin delete shadows. Having said that, if you pay for a good virus service most of them now include blocking software; the free versions don’t. It has been proved one virus protection program is not enough (although on your computer only one can be live). I have many extra ones active on the web as well as many for doing scans and removals, but the active web ones, including protection plug-ins on my browser, alert me to websites and block bad ones (both my paid-for protection and the add-ons); a big page comes up giving me full details of the threat. Be warned, there are now “drive-by” viruses; you only have to visit some sites to infect yourself. Be prepared! It’s war out there.
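
Added example (not part of the comment above): a Python detection sketch that scans process-creation records for the shadow-copy deletion command the comment mentions, while ignoring benign vssadmin use. The log layout, host names and sample lines are constructed assumptions, not output from any real product.

```python
import re

# Constructed process-creation records in a made-up key=value layout.
SAMPLE_LOG = r'''
2014-02-01T10:02:11Z host=PC-01 user=alice parent=explorer.exe cmd="vssadmin list shadows"
2014-02-01T10:05:40Z host=PC-02 user=bob parent=invoice.exe cmd="C:\Windows\System32\vssadmin.exe  Delete Shadows /All /Quiet"
2014-02-01T10:07:03Z host=PC-03 user=carol parent=cmd.exe cmd="cmd.exe /c vssadmin delete shadows /for=C: /quiet"
2014-02-01T10:09:55Z host=PC-01 user=alice parent=backup.exe cmd="vssadmin create shadow /for=C:"
'''

RECORD = re.compile(
    r'^(?P<time>\S+) host=(?P<host>\S+) user=(?P<user>\S+) '
    r'parent=(?P<parent>\S+) cmd="(?P<cmd>.*)"$')
# vssadmin, optional .exe, then "delete shadows" in any case and spacing.
DELETE_SHADOWS = re.compile(r'\bvssadmin(?:\.exe)?\s+delete\s+shadows\b', re.I)


def find_shadow_deletions(log_text):
    """Return one alert dict per record that deletes volume shadow copies."""
    alerts = []
    for line in log_text.splitlines():
        rec = RECORD.match(line.strip())
        if not rec or not DELETE_SHADOWS.search(rec["cmd"]):
            continue  # unparsable line, or vssadmin used for list/create
        alert = rec.groupdict()
        # /quiet suppresses the confirmation prompt, so no user saw it.
        alert["quiet"] = "/quiet" in rec["cmd"].lower()
        alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in find_shadow_deletions(SAMPLE_LOG):
        print(f'{a["time"]} {a["host"]} parent={a["parent"]} quiet={a["quiet"]}')
```

The parent process is kept in each alert because a deletion launched by a backup tool and one launched by a freshly opened attachment call for different responses.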

Member
simon watts says:
14 May 2016

I’ve just had this today, switched off my PC and turned it back on again, nothing has come up. Does that mean I’m fine or will they hit you when the time runs out?

Member
Keith says:
27 May 2016

Our Samsung ipad has been hit. I’ve got it into safe mode but cannot see any untoward apps that should be deleted. Any ideas anyone?

Member
Andrew Collins says:

Thanks for your comment Keith, although, I’m sorry to hear that your device has caught something nasty!

I’m keen to help out, but it’d be great if you could let me know what device you’re using, either an Apple iPad or a Samsung tablet?

Member
David says:
19 January 2017

It often happens to me watching free adult material on my iPad. It locks out Safari. The easiest way to get rid of this is to have a TAB to a new web site on your desktop and just close down Safari. Open up the web on the desktop TAB (that you have already placed there to any web site) then go to the top right double square TAB top right of the explorer, this shows all pages that are open in Safari including the scam page. Just swipe these pages to the side to close down that page… hey presto… GONE. Only works on iPad this way and iPhones too I’m guessing.

Member
duncan lucas says:

No offence David, but by “adult material” do you mean naked females/soft porn? I should warn you that the number one type of “entertainment” that hackers are attracted to in the form of downloading malware onto your computer is this stuff. The web is full of warnings about it, as well as that a record of what you download is kept, so if you were looking for that secure government job, well??? It is also used to blackmail you with, lower your prestige and standing in the community; it’s only yesterday a downloader was arrested and convicted with downloading porn. Many have tried that in emails to me; I have never opened up or clicked on this type of thing nor will I ever do. Now you may wonder that this is coming from me, a believer in Freedom and definitely anti-PC; the reason is this is not a “freedom” I wish to be associated with, it’s the lowering of the morals of the public to make them open to corruption, and I never thought I would be saying this: in this instance I entirely agree with the Feminists, why should others make money out of naked women? If women want to do it so be it, and Continental countries have very open views on it, but it is BB round the world and it doesn’t stop at soft porn; you then get drugs, as is happening in the US: legalise pot, and pressure groups are touting the same message in this country. I just hope TM doesn’t give in to it. So be warned, Which watchers: download this type of stuff and don’t be surprised if your Windows machine starts to cause problems.