Ransomware is a special category of malware that blocks the victim’s computer and demands the payment of a ransom. In such a situation, the victim should never pay the ransom demanded. The website stopransomware.fr brings together useful information to educate users and help victims protect themselves against these risks, as well as clean their computers when such a virus has affected them.
Some important ideas to remember:
- Police agencies have no right to block your computer remotely. They will never claim a fine by blocking your personal computer.
- No law enforcement or tax agency requires the payment of a fine by means of payment such as Paysafecard, Ukash, MoneyPak, Western Union, etc.
- If you are a victim of ransomware, the only solution is to clean your computer. Additionally, it is likely that other viruses that remain unnoticed were installed without your knowledge.
There are different types of ransomware; here is a quick overview.
Since mid-2011, ransomware authors have used the logos of law enforcement agencies or other agencies with investigative powers to request the payment of a fine. Others pose as security solutions.
If you want to know more about police ransomware or view screenshots specific to your country, you can navigate to the corresponding page on the botnets.fr Wiki.
Another type of ransomware encrypts the user’s documents: access to documents is impossible as long as you do not have the decryption key. These variants demand a sum of money in exchange for the key. This is usually done via a text file left on the desktop.
Other variants like these show pop-up messages (see Malekal’s blog):
Unfortunately, with this variant, it is almost impossible to decipher the documents: NEVER PAY, the malware authors never give away the decryption keys.
Blocking malware with advertising
A more recent type of ransomware blocks the victim’s computer and invites them to click on advertisement banners. The author of the virus collects revenue from each of those clicks. Here is a sample of this variant: