A few months ago a relatively new kind of computer virus started to infect the computers of users around the world. So-called Ransomware (MoneyPak scam) computer viruses and malware take control of a user’s computer, locking them out of even the most basic functionality. In addition to the computer lockout, the malware puts up threatening messages that claim to be from various government agencies, demanding money for the release of the computer.

Two of the most common variants of the Ransomware virus come in the form of lockouts from either the FBI or the United States Department of Justice. Either version will convey the message that your computer has been locked (or blocked) for committing crimes such as file sharing, illegal software downloads or even the viewing and/or distribution of child pornography. The sophistication of the virus is such that many variants are capable of tracking your IP address and geographical location and of taking control of your webcam. The result is that for many users, the virus is a very believable and frightening occurrence.

The ransom part of the malware comes in the form of an ultimatum for the infected user: pay a fine, usually in the amount of $200, or have your computer confiscated with the possibility of a court summons and jail time. Whether or not a user pays the fine is irrelevant, as their computer will remain infected, but many users fall for the scam out of fear of further prosecution.

Example Message: Your computer has been blocked. The work of your computer has been suspended on the grounds of the violation of the law of the United States of America.

Ransomware viruses are typically picked up by “drive-by” download when visiting disreputable websites or from the use of Torrent file sharing. The most important thing is that users are educated about the existence of the virus; ignorance only allows the virus to spread and users to fall victim to the ploy. This is especially important if the virus is encountered in an office setting, as many employees may feel embarrassed or frightened by the false charges and thus choose not to report the issue immediately, which will only make the problem worse.

If you or someone you know has encountered the virus, don’t freak out: it is fixable. The procedure can, however, be time-consuming and is fairly technical, requiring you to restart your computer in safe mode and methodically remove all instances of the infection. Your best bet is to contact an IT professional to sort out the problem, but if you must address the problem personally, Malwarebytes and Symantec offer free tools that will expedite the procedure.

– Richard Keene
IT Computer Support of New York
Design and Optimization Department