/ Technology

Don’t be fooled by the ransomware scam

Laptop with toy policemen

It begins with a scary-looking pop-up on your computer, and it could end with you having to fork out hundreds of pounds to get your files back. Have you been hit by the ransomware scam?

Ransomware is a scam that’s designed to scare. When it infects your computer, it blocks you from accessing it, or even encrypts your files. Worst of all, it does so under the guise of authority.

We’ve heard from Which? members who’ve seen pop-up messages purporting to be from local police forces, accusing them of carrying out illegal activities on their computer. The virus then warns that unless an on-the-spot fine is paid, they’ll lose the use of their PC altogether.

Ransomware scam

An example of the ransomware scam (click to enlarge)

Mike Jones was just one victim of this growing scam. He was watching a video on YouTube when his computer screen suddenly displayed a message claiming to be from the local police. The message said he’d been using the web illegally and that he faced time in prison unless he paid a fine. Mike comments:

‘Obviously, I thought this was a scam and I got in touch with the police force to ask what I should do. They took me through the right steps, and we got rid of it, but I had another message a few months later. It was a pain more than anything else, and frustrating.’

Thousands affected by ransomware scams

According to the National Fraud Intelligence Bureau, there were more than 7,000 cases of ransomware fraud reported in the UK between April and September 2013.

But this figure only indicates victims who contacted the authorities. The National Crime Agency says millions of Britons have been targeted and risk losing their data to hackers.

The criminals behind these viruses are turning the screw, with one recent version, CryptoLocker, even encrypting victims’ files. You’re charged for a key-code to decrypt the scrambled data, and without this, your photos, documents and music can’t be opened. In short, it’s old-fashioned extortion with a modern, digital twist.

Don’t pay the ransom

CryptoLocker is unusual in that security forums say people who have paid up have been able to restore their files. According to experts monitoring the CryptoLocker attacks, the crooks have been honouring their side of the bargain.

Yet, quite rightly, Officials say you should never pay a computer ransom, mainly due to fears that paying will encourage more attacks and that the money could be used to fund other criminal activities.

Even if things feel desperate, there are steps you can take to remove the virus from your system. By booting up in Safe mode, you can restore your PC to an earlier time point then run an updated virus scan to clean your system out.

The best defence of all is to keep your security settings watertight by making sure your software is always up to date. It’s always a good idea to keep your most important files backed up on a hard drive or online in cloud storage, so if a virus attacks your PC, you’ll have vital backups in place. You can get detailed advice on how to spot and remove ransomware here.

Have you been hit by the ransomware scam? What did you do?

Comments
Member

Sadly yes, its happened to one of my PCs. After the initial 20 secs shock of what the he!! have I done to get that. Within 20 mins I’d cleaned it off. Doing it manually does give a nice sense of achievement though. This was a few years back before they started encrypting files.

I then replaced that pc with the replacement I’d had in its box for 6 months that I’d been putting off, which has MSE running all the time on it.

Member
Alistair says:
24 January 2014

Singularly unhelpful if you own a Mac. I expect Which? to do better than this. Most of us are not computer savvy and need to be directed to a site where we get good instructions along the lines of what William did to fix his computer. Do we know where this scam comes from? Is there nothing our great leaders can do to protect us from these people? I despair.

Member

You don’t need to worry about Cryptolocker on Mac, at least not yet.

Member

I had this recently, supposedly from Cheshire Police. Puzzlingly, apart from the pop-up page nothing seems to have happened. I have Norton antivirus installed but it doesn’t seem to have registered catching anything at the time it happened. I’ve scanned the computer with Norton and other products and found nothing. No files have been locked, encrypted or deleted – very strange!

Member

I had trouble with the police ransomware scam. I got round it easily enough because my wife is a separate user and I used her site and the “restore” program to go to an earlier setting. It seemed to work well enough without any data loss.
Microsoft’s antivirus Security Essentials is very effective, but strangely enough their antimalware is pretty hopeless, so having read about it on the BBC website I tried Malwarebites antimalware.The trial run was so effective I paid £20 for a lifelong licence. It blocks malware in real time, and supposedly is the only effective protection against Cryptolocker.

Member

Which? advises keeping backups on hard drives but Cryptolocker will encrypt those too. Be sure to disconnect external hard drives from your PC after taking backups.

Backups should be safe in the cloud but not many of us will find it cost effective or practical to back up all our data – movies, photos, music, etc. – to cloud storage.

Member
Mike McCourt says:
30 January 2014

I have an external hard drive to back up my PC and is only connected to the PC when I do a backup.
That way I can (hopefully) ensure the backup drive remains virus free. Hope this helps.

Member

Backup, backup, backup! It’s not just a “good idea” to backup your files, it’s absolutely essential. Make lots of backups to different destinations, cloud, external HDDs, writable DVD/Bluerays etc. You can lose data at any time for lots of reasons, not just due to a virus/malware.

Cryptlocker only affects Windows AFAIK but everyone should be vigilant. Cryptlocker usually spreads by fake email attachments. Therefore never open an attachment, even if it appears to be from a friend, unless you are 100% sure it is genuine. Microsoft actually makes it easier for this scam to work by hiding file extensions by default. The first thing you should do is change this setting so you can see what email attachments actually are.

A Virus scanner is useful, but it won’t pick up all malware. They will take time to detect new programs.

Finally, since Cryptlocker encrypts data files and not system files, running a system restore, as the Which guide suggests will not help. In fact do NOT follow the Which instructions at all.
If you think you may have this Virus I would recommend powering down your computer immediately, removing the hard disk and taking it to an expert. If you power it up and run an antimalware scan the cryptlocker program could be encrypting more files and making the situation worse for you.