Department of Justice Ransomware Removal
By Richard Hay for Windows Observer
Stop! Don’t pay $300 to get rid of that scary looking warning on your PC.–PC Pitstop
This weekend I received a call from someone with an urgent computer issue: an alert was being displayed every time they booted their computer and logged into their account.
Over the phone they described what they were seeing, which was this image:
They were unable to do anything else on the PC, since the alert blocked them from closing it or accessing any other resources on the machine.
When I went to check out the issue I booted the PC and got the same image and lockout. The only way to shut the computer down was to press and hold the power button, so I did that and attempted to boot into Safe Mode, which almost immediately blue-screened the machine.
This is, of course, a ransomware trojan known as Win32/Tobfy.S, and it has been around for a while. In fact, the FBI and DOJ have successfully prosecuted rings behind this and similar scareware.
I asked my client what their first reaction was, and they said it was to go buy the $300 money card and send the payment through the ransomware.
After taking a closer look, they started to realize that some elements of the graphic did not make sense.
Some of the things that increased their doubt about the validity of this notice were:
• An indication that their activities were being recorded through the computer's camera, but they do not have a camera on the computer. You can see where this could get some folks, because many machines do have webcams installed.
• They had not used their computer in any of the activities they were accused of participating in.
• They suspected something fishy about the DOJ contacting them in this manner, expecting payment within 48 hours and threatening that all of their hard drive contents would be erased.
This excerpt appears with permission from Windows Observer.