/ Technology

Don’t be fooled by the ransomware scam

Laptop with toy policemen

It begins with a scary-looking pop-up on your computer, and it could end with you having to fork out hundreds of pounds to get your files back. Have you been hit by the ransomware scam?

Ransomware is a scam that’s designed to scare. When it infects your computer, it blocks you from accessing it, or even encrypts your files. Worst of all, it does so under the guise of authority.

We’ve heard from Which? members who’ve seen pop-up messages purporting to be from local police forces, accusing them of carrying out illegal activities on their computer. The virus then warns that unless an on-the-spot fine is paid, they’ll lose the use of their PC altogether.

Ransomware scam

An example of the ransomware scam (click to enlarge)

Mike Jones was just one victim of this growing scam. He was watching a video on YouTube when his computer screen suddenly displayed a message claiming to be from the local police. The message said he’d been using the web illegally and that he faced time in prison unless he paid a fine. Mike comments:

‘Obviously, I thought this was a scam and I got in touch with the police force to ask what I should do. They took me through the right steps, and we got rid of it, but I had another message a few months later. It was a pain more than anything else, and frustrating.’

Thousands affected by ransomware scams

According to the National Fraud Intelligence Bureau, there were more than 7,000 cases of ransomware fraud reported in the UK between April and September 2013.

But this figure only indicates victims who contacted the authorities. The National Crime Agency says millions of Britons have been targeted and risk losing their data to hackers.

The criminals behind these viruses are turning the screw, with one recent version, CryptoLocker, even encrypting victims’ files. You’re charged for a key-code to decrypt the scrambled data, and without this, your photos, documents and music can’t be opened. In short, it’s old-fashioned extortion with a modern, digital twist.

Don’t pay the ransom

CryptoLocker is unusual in that security forums say people who have paid up have been able to restore their files. According to experts monitoring the CryptoLocker attacks, the crooks have been honouring their side of the bargain.

Yet, quite rightly, Officials say you should never pay a computer ransom, mainly due to fears that paying will encourage more attacks and that the money could be used to fund other criminal activities.

Even if things feel desperate, there are steps you can take to remove the virus from your system. By booting up in Safe mode, you can restore your PC to an earlier time point then run an updated virus scan to clean your system out.

The best defence of all is to keep your security settings watertight by making sure your software is always up to date. It’s always a good idea to keep your most important files backed up on a hard drive or online in cloud storage, so if a virus attacks your PC, you’ll have vital backups in place. You can get detailed advice on how to spot and remove ransomware here.

Have you been hit by the ransomware scam? What did you do?


Sadly yes, its happened to one of my PCs. After the initial 20 secs shock of what the he!! have I done to get that. Within 20 mins I’d cleaned it off. Doing it manually does give a nice sense of achievement though. This was a few years back before they started encrypting files.

I then replaced that pc with the replacement I’d had in its box for 6 months that I’d been putting off, which has MSE running all the time on it.

Singularly unhelpful if you own a Mac. I expect Which? to do better than this. Most of us are not computer savvy and need to be directed to a site where we get good instructions along the lines of what William did to fix his computer. Do we know where this scam comes from? Is there nothing our great leaders can do to protect us from these people? I despair.

You don’t need to worry about Cryptolocker on Mac, at least not yet.

I had this recently, supposedly from Cheshire Police. Puzzlingly, apart from the pop-up page nothing seems to have happened. I have Norton antivirus installed but it doesn’t seem to have registered catching anything at the time it happened. I’ve scanned the computer with Norton and other products and found nothing. No files have been locked, encrypted or deleted – very strange!

I had trouble with the police ransomware scam. I got round it easily enough because my wife is a separate user and I used her site and the “restore” program to go to an earlier setting. It seemed to work well enough without any data loss.
Microsoft’s antivirus Security Essentials is very effective, but strangely enough their antimalware is pretty hopeless, so having read about it on the BBC website I tried Malwarebites antimalware.The trial run was so effective I paid £20 for a lifelong licence. It blocks malware in real time, and supposedly is the only effective protection against Cryptolocker.

Which? advises keeping backups on hard drives but Cryptolocker will encrypt those too. Be sure to disconnect external hard drives from your PC after taking backups.

Backups should be safe in the cloud but not many of us will find it cost effective or practical to back up all our data – movies, photos, music, etc. – to cloud storage.

Mike McCourt says:
30 January 2014

I have an external hard drive to back up my PC and is only connected to the PC when I do a backup.
That way I can (hopefully) ensure the backup drive remains virus free. Hope this helps.

Backup, backup, backup! It’s not just a “good idea” to backup your files, it’s absolutely essential. Make lots of backups to different destinations, cloud, external HDDs, writable DVD/Bluerays etc. You can lose data at any time for lots of reasons, not just due to a virus/malware.

Cryptlocker only affects Windows AFAIK but everyone should be vigilant. Cryptlocker usually spreads by fake email attachments. Therefore never open an attachment, even if it appears to be from a friend, unless you are 100% sure it is genuine. Microsoft actually makes it easier for this scam to work by hiding file extensions by default. The first thing you should do is change this setting so you can see what email attachments actually are.

A Virus scanner is useful, but it won’t pick up all malware. They will take time to detect new programs.

Finally, since Cryptlocker encrypts data files and not system files, running a system restore, as the Which guide suggests will not help. In fact do NOT follow the Which instructions at all.
If you think you may have this Virus I would recommend powering down your computer immediately, removing the hard disk and taking it to an expert. If you power it up and run an antimalware scan the cryptlocker program could be encrypting more files and making the situation worse for you.

Paul says:
26 January 2014

I had one saying it was from Cheshire Police. I could not close the pop up. I closed Firefox which I was on at the time. When I went back on Firefox the pop up was back. I Have CCleaner on my computer so I switched off Firefox and ran CCleaner and when I went back on Firefox it was gone.

I have not come across anyone that has actually lost data having received the pop-up in question. It happened to me a month ago and is obviously a scam as no files were ever locked (or wiped) and my AV software which has real-time protection did not react.

I note that Which quote ‘security forum’ users saying they have been victims of ‘Cryptoclocker’ and those that paid up had their files released. I doubt they were ever locked in the first place. Where is the REAL evidence for this? There will always be users faced with the threat of action from the police (where the web page looks very realistic and even shows the genuine logo of their local police force) that will just pay up anyway regardless of any assumed threat to their data.

As for the Which user that called the police, I would love to know who he spoke to. When I had a case of criminal fraud associated with a debit card, the police said I should take it up with the card issuer as they had no time for investigating ‘individual cases’. I find it very difficult to believe that they would have time to help one victim of an obvious scam let alone remove infected code which did not exist anyway.

One of my friends got this warning on her MAC yesterday.
I wasn’t around at the time so she asked a local repair shop to fix it.
I don’t know for sure what the fix is but I found the following links interesting:

This describes the FBI ransomware but I’m assuming the Police one is from the same family.

This link describes the Cheshire Police version but has a similar fix:

From reading these it looks to me like the infection on a MAC is only in the browser (so no Cryptolocker).

I would also have thought that if you get this ransomware from visiting a website you should report it to someone (Google perhaps). However I do not know (and have not found from my searches so far) how exactly you go about this.

devilix123987 says:
1 June 2015

i have this virus on my tablet, how can i remove it? i can’t find anything online :/

angry jon says:
5 June 2015

This is a absolute liberty. I downloaded an app whih was really some other app hidden without concentrating i pressed install which by then it was too late it screwed up my S3 and no matter how hard i tried to do anything it blocked me and when i tried the safety mode it didn’t give me an option how i got to delete the app was by holding the power button down until it went off then held both sides of rocker volume down constantly untill it fired up and thankfully it fired up in safety mode which let me delete the hidden app anyway hope this helps Samsung users.

This comment has been edited because some visitors may find some of the language offensive and abusive. Please have a read through our commenting guidelines. Thanks, mods]

Hi could you tell me what app you deleted-we can’t find any which look suspicious

switch your computer off then switch on…. no problem

Watching Youtube Video and randomly it comes up and says that i have been watching child pornography and that i had been fines £100,000 and i have to pay immediately. I panicked for about 5 secs then remembered some stories about this very thing.

I switched my Laptop off then switched it on again and ran a scan nothing was detected. Finally ran a malware scan and it deleted a few infected files

This comment was removed at the request of the user

ive just had this to day switched of my pc n turned it back on again nothing has come up does that mean I’m fine or will they hit you wen the time runs out

Our Samsung ipad has been hit. I’ve got it into safe mode but cannot see any untoward apps that should be deleted. Any ideas anyone?

Thanks for your comment Keith, although, I’m sorry to hear that your device has caught something nasty!

I’m keen to help out, but it’d be great if you could you let me know what device you’re using, either an Apple iPad or a Samsung tablet?

David says:
19 January 2017

It often happens to me watching free adult material on my iPad. It locks out safari. The easiest way to get rid of this is to have a TAB to a new web site on your desktop and just close down safari. Open up the web on the desktop TAB (that you have already placed there to any web site) then go to the top right double square TAB top right of the explorer, this shows all pages that are open in safari including the scam page. Just swipe these pages to the side to close down that page… hey presto… GONE. Only works on iPad this way and iPhones too I’m guessing.

This comment was removed at the request of the user

rffr says:
1 February 2019


Yes, I have listened to it, when it arrived everyone was scared of it, I am also using a device and I am using McAfee antivirus in it. I did not get any major issue but I found that my antivirus is not working properly on my pc, that time I searched for McAfee customer service and this site I found
https://babasupport.org/antivirus/mcafee-customer-service/959. it helped me a lot now whenever I feel that I need technical help for this I prefer this.

Ray collins says:
1 February 2019

Recently, a Windows 10 ransomware scam has been discovered in the form of phishing emails impersonating Microsoft. This is typically much worse than your average spyware or spam, as the crooks behind the ransomware can ask for a great deal of money, in this case having a backup of data is necessary and for protection of data from being lost experts from data recovery helps a lot.

pete says:
3 May 2019

getting lots of these from some moron calling himself Taylor You- claims to have video footage of me whereas my pc has no vid cam or mike attached-common sense tells me he’s telling porkies !
thanks to Microsoft’s refusal to add a Email blocker to it’s mail programs (unless I buy office 365), , my only way to block these blackmail attempts is to add them to Norton’s anti-spam blocked sender’s list each day, as they arrive in my inbox.
unfortunately, I am unable to track them back to the source.