The Gardai are warning the public to be aware of a computer scam which utilises Garda logos to make it look like an official communique from An Garda Siochana. That malware detects which country the computer is located in and pops up a warning on the computer screen telling the user their computer has been used for illegal purposes and has subsequently been locked by the police.
The computer can be unlocked by the user paying a “fine” which will provide the user with access to the computer.
A similar ransomware campaign has been ongoing within other countries over the past few months targeting users in the US, Canada, the UK, Finland, and a number of other countries.
Needless to say this is a complete scam and people should not pay any ransom. The Irish Times and The Journal.ie both cover the story on their wbsites.
To protect against this type of attack people should take the following steps;
- Ensure that they are using a valid anti-virus piece of software
- Make sure their anti-virus software is working and up to date.
- Confirm that the firewall on your PC is enabled.
- Keep their PC updated with the latest versions of software and that all security patches are applied.
- In particular people should ensure their web browser is kept up to date. Do not click on any links or attachments in emails unless absolutely sure they are genuine.
- Keep a regular backup of all your data and keep the backup in a secure location.
- Only install software from trusted sources.
Europol has issued a guide (PDF file) outlining a number of recommendations on how to protect yourself from this malware.
Microsoft has also published guidelines on protecting your PC.
If you find your PC is infected with this malware you should;
- Download a rescue CD to clean the infection from your computer. Anti-virus companies such as Sophos, F-Secure and AVG provide these tools for free.
- Microsoft provides a step-by-step guide on how to manually remove the malware from your computer.
- Alternatively seek help from a reputable computer service company to deal with the issue.
A spokesperson for the Gardai said “People should not share their bank details or pay out any money. If your computer becomes infected by this malicious software, all affected computers should be repaired by a reputable repair person.”
If you have been infected by this malware and you have paid the ransom, the Gardai recommend that you contact your local Garda station and report it to them.
The Gardaí have provided a screenshot of what an affected computer might look like: