Debunking email hoaxes and exposing Internet scams since 2003!


Issue 166 - November, 2013 (2nd Edition) - Page 37

'Really Bad Virus' Warning


Circulating social media message warns users about a "really bad virus" that can encrypt your entire computer and show a message demanding that you send $300 to a specified address.


Brief Analysis
The message apparently attempts to describe a CryptoLocker Ransomware infection. The core claims in the message are valid. However, the warning lacks clarity and does not provide enough information to help people avoid a CryptoLocker infection or effectively deal with one.  In fact, it does not even name the threat. The message's value as a warning is therefore significantly diminished. More information and links to reputable resources about the threat are included in the detailed analysis below.


Hey this is a warning BE CAREFUL ANF BACK UP YOUR COMPUTER. There is  a really bad virus out there now that infects though e-mail with or without attachments!!! It slowly encrypts your entire computer with a 200 something bit encryption and then after its done its shows msg on your screen that says to send $300 to an address. Don't try to kill the virus as it will only make it worse. Can cause physical damage!!!

you have to wipe drive and start new. sorry for bad news

Detailed Analysis

This circulating social media post warns users about a "really bad virus" that can "encrypt your entire computer" before displaying a message demanding that you send $300 to a specified address. It further warns that trying to kill the virus will only make the infection worse and can cause physical damage. It advises that, if infected, you will need to wipe your hard drive and start over.   

The message is apparently attempting to warn users about a CryptoLocker ransomware infection. CryptoLocker ransomware can indeed encrypt files on the infected computer and will demand that users pay between $100 and $300 to have the files released. 

The introduction to a comprehensive guide to CryptoLocker explains:
CryptoLocker is a ransomware program that was released around the beginning of September 2013. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 96 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

The malware is generally spread via email attachments in seemingly legitimate emails that claim to be from high profile companies such as FedEx or UPS.
There is currently no way of decrypting the locked files other than to pay the required ransom. And, if users do not pay up within the specified time, the decryption key, which is stored on the criminal's server, will be destroyed and your files will likely remain forever locked.

If you have uninfected backups, you may be able to remove the infection and restore your files. However, depending on how your backup system is configured, it is possible that the malware may have also infected your backup files.

Thus, CryptoLocker is a significant threat and computer users would certainly be wise to make themselves aware of it.

However, the above message actually does a rather dismal job of educating users about the threat and telling them what to do about it should their computers become infected.

The warning does not even name the threat, nor does it describe in any meaningful way how the ransomware is distributed. And the malware does not encrypt the entire computer as claimed in the message, but rather locks up certain types of files. Computers with the infection are still operable.

The warning does not link to any expert advisories on the topic that would provide recipients with further information. And, the rather cryptic claim that the malware can "cause physical damage" is misleading. If victims do not pay, they may never recover their files, but there is no suggestion that the infection will physically damage the computer's hardware.  Moreover, while users may not regain access to the encrypted files, the malware itself can be removed without "wiping the hard drive".

Thus, although the message's creator probably had good intentions, its value and validity as a warning about CryptoLocker are greatly eroded. If you wish to ensure that your friends are aware of the very real threat posed by CryptoLocker, it would be better to send them a link to a reliable and regularly updated article such as that provided by BleepingComputer rather than pass on the above rather garbled and ineffective message.


Last updated: October 30, 2013
First published: October 30, 2013
Research: Joshua Brunson and Brett Christensen
By Brett M. Christensen

Cryptolocker Ransomware: What You Need To Know
CryptoLocker Ransomware Information Guide and FAQ
