This latest ransomware variant, purporting to be from a “Stop Online Piracy Automatic Protection System”, informs you that your PC has been used to download copyright-infringing material, child pornography or illegal software, and is consequently included in a “S.O.P.A. IP Black List”.
The malware encrypts all your data files and holds them hostage, offering to decrypt them for a fee. Send the criminals $200.00 via ‘MoneyPak’ and they promise to then send you a code to unlock the files, allowing you to regain access. The usual dire warning is included… “If you don’t pay the fine within 72 hours at the amount of $200.00 USD, all your computer data will be erased.” The fee for those victims residing outside America and Canada is reportedly 200 Euros, so North Americans are apparently getting some sort of discount.
This is a pretty clever scam, relying on the fact that probably everyone, at one time or another, has downloaded material which is (or possibly could be) deemed to infringe copyright. One rather unique element of this particular ransomware is an offer by the criminals to prove that they can actually decrypt the files. You send them a single encrypted file via the email address provided in the message, and they will decipher and return the readable file.
This is a very nasty form of ransomware: decryption is generally reliant on access to (or knowledge of) the original encryption key. That is yet another very good reason why backups, and especially full system images, should be a part of everyone’s survival kit.
All users should follow the often-conveyed advice: always keep anti-malware and other security products up to date and activated, and stay current with software patches. If your machine does become infected with this malware, we urge you not to comply with the criminals’ demands. However, this is largely reliant on your ability to restore from a clean backup – if you haven’t already implemented a comprehensive backup strategy, right now would be a good time to start.