I got an email saying that illegal materials were found on my computer and it would be locked until I paid a fine. Is this a scam?
Yes, this sounds like a common blackmail scam called ransomware. Ransomware is an email, website or pop-up window that displays warnings about possible illegal activities and demands payment before you can access your files and programs again. Delete the email and report it immediately.
Do you think you might have already fallen for a ransomware scam? Find out what to do.
Trojan:Win32/Crilock.A Nasty Ransomware You Need to Guard Against
On September 10th, 2013, a new ransomware known as Trojan:Win32/Crilock.A began attacking computers all over the Internet, locking users out of their PCs and putting sensitive information at risk. If your computer gets it, then you're in for a world of hurt. Here are the details on what this virus does and what you can do to prevent it.
How Does it Infect Your PC?
Trojan:Win32/Crilock.A is a malware downloaded by other malware. This means you don't have to directly download it; therefore, careful Internet browsing and keeping an eye out for this particular threat might not be enough.
There's a chance that the malware responsible for downloading this virus is already on your computer, just waiting to receive its command to download the Trojan:Win32/Crilock.A (an action that doesn't require your permission). One preventive action you can take is to make sure your antivirus software is up to date and you have downloaded the latest virus definitions, which should include information on the new Trojan:Win32/Crilock.A. Take the time to run a virus scan so that your antivirus software can identify and remove all the malware on your PC, including the one responsible for downloading Trojan:Win32/Crilock.A.
How Bad is It?
Once your PC is infected with Trojan:Win32/Crilock.A, it will make changes to your Windows registry to ensure that it will run every time you boot your PC. This plays right into a user's instinctive reaction to restart their computer as soon as they notice things starting to get buggy. In this virus scenario, a restart will not help because the Trojan:Win32/Crilock.A will make changes to your registry with every restart.
With the virus fully installed on your system, it will then lock you out of your desktop with a browser window taking up the full screen. With you locked out, the virus will then encrypt the files on your PC like your fixed and remote drives in order to prevent you from accessing them. This is a classic example of what's known as "ransomware", because the virus will literally hold your PC ransom.
What Does it Want?
Like any classic ransom scenario, the Trojan:Win32/Crilock.A wants your money. The ransomware is nice enough to walk you through easy-to-follow menus so you can make a payment. It will even tell you which friendly retailer you can visit to obtain this payment option. Additionally, while you are locked out of your PC, your sensitive information is being accessed.
How Can You Stop It?
Trojan:Win32/Crilock.A is a pretty nasty virus. If your computer is infected with it, then the best course of action is to wipe your drive and load your uninfected backed up data. You will also want to scan your backed up data to make sure it's clean. Paying the ransom will let you access your computer, but it will not get rid of the virus. Even if you pay the money the virus will still be installed on your machine, waiting for the opportune time to strike again.