This latest ransomware variant, purporting to be from a “Stop Online Piracy Automatic Protection System”, informs you that your PC has been used to to download copyright infringing material, child pornography or illegal software, and is consequently included in a “S.O.P.A. IP Black List”.
The malware encrypts all your data files and holds them hostage, offering to decrypt them for a fee. Send the criminals $200.00 via ‘MoneyPak’ and they promise to then send you a code to unlock the files, allowing you to regain access. The usual dire warning is included… “If you don’t pay the fine within 72 hours at the amount of $200.00 USD, all your computer data will be erased.” The fee for those victims residing outside America and Canada is reportedly 200 Euros, so North Americans are apparently getting some sort of discount.
This is a pretty clever scam, relying on the fact that probably everyone, at one time or another, has downloaded material which is (or possibly could be) deemed to infringe copyright. One rather unique element of this particular ransomware is an offer by the criminals to prove that they can actually decrypt the files. You send them a single encrypted file via the email address provided in the message, and they will decipher and return the readable file.
DCT’s Advice:
This is a very nasty form of ransomware, decryption is generally reliant on access to (or knowledge of) the original encryption key. Yet another very good reason why backups, and especially full system images, should be a part of everyone’s survival kit.
All users should follow the often conveyed advice and always keep anti-malware and other security products up-to-date and activated, plus stay current with software patches. If your machine does become infected with this malware, we urge you not to comply with the criminal’s demands. However, this is largely reliant on your ability to restore from a clean backup – if you haven’t already implemented a comprehensive backup strategy, right now would be a good time to start.
What! Is this the Government doing this? I do have back-ups and a mirror image but this is highway robbery. Of course this is nothing new from our beloved congress. Thanks for the warning.
No TT, this has nothing to do with the actual SOPA or the Government. It’s malware distributed by criminals, using the SOPA name to try and scare people into giving them money.
Sorry if I mislead you.
What a coincidence! A friend called me just the other day to tell me his computer was locked up by the FBI. 🙂 He needed help so I popped two USB sticks in my pocket and headed out. One USB had the Microsoft Stand alone System Sweeper on it and the other had Ubuntu 12.04 on it. First thing I did was to boot the MSSB and run the scan. It identified a random gibberish filename as the culprit. However, it would not allow it to be deleted so I made a note of the filename and location. Then I booted into Ubuntu and went looking for the filename noted above. Just to be safe I renamed the file so it wouldn’t be found or run including a folder full of the images used in the display of said page. Rebooted to Windows and he was up and running again. We ran his online Norton AV and it didn’t find anything, but I need to run a Malware program, clean the registry, and delete all the associated files. I was surprised at how quickly I was able to get him back and running again. I’ve never run into an actual virus before so it was an interesting lesson.
Thanks for your great heads upon this latest scourge!! Could you provide a link to the best article or a credible article that provides detailed instructions and content about how to “implement a comprehensive backup strategy” and create a ” full system image” (detailed Steps, and hardware, software suggested etc.) Thank you.
It’s a topic which has actually been well covered. However, it’s also a topic which can bear repeating so, we’ll see what we can put together over the nest week along the lines of a guide.
Stay tuned!
Hi again, coicidence! My Husban’s computer just got the lockdown message. Can the thugs actually erase his files???? We have no intention to give them money. We just don’t know exactly what we need to do to start over. Do we let them erace the files? Do we have to wait 72 hours before we start over? Help!
Hi TT – Oh no! Sorry to hear that mate. I seriously doubt the crooks could actually erase the files, more likely the files have been encrypted. The end result is pretty much the same anyway, you won’t be able to access those files.
Is this the exact same message as detailed in the above article, or something else? Who is the lockdown message from?
If it’s the same as, or similar to, the one in the article:
Do have any backups of your personal data, and/or a system image perhaps?
If you have saved an image you can just restore the system to a previous state from that.
If not then you don’t have a lot of options. Do NOT pay the crooks under any circumstances… in fact, do not initiate any kind of contact with them.
Your best bet would be to start all over… either from a Recovery Partition (restore to factory settings) or via clean installation. Unfortunately, this means that if you haven’t backed up you personal data, you are going to lose it all.
Cheers… Jim
Hi Jim thanks for the info. Do we just format the hard drive? Or just install right over this mess? His screen does not look like the one above, It says it is from the FBI and has the government seal of the Department of Justice I can take a picture of it if you want and email it to you. It also says that a criminal case will be initiated against you automatically. It does ask for $200 to unlock his computer. Let me know what you want me to do.
Okay, then this could be something else entirely.
Can you still access all your files okay? Are you actually locked out of anything?
I think it’s best if I see the actual message. I’ll send you an email at the address you used to subscribe, you can then just reply to that and include a screenshot of the message.
Sending now!