System Force I.T.

Ransom Ware Trojan Virus


Urgent warning – Ransomware computer viruses

Over the past few weeks, authorities in America have been making users in the USA aware of a new trend in computer viruses known as ‘ransomware’ which takes control of a victims computer and demands a ransom to restore the users data.

This week we have seen this new wave of computer viruses hitting the UK and infecting company networks with devastating effect. Yesterday alone, our security team detected over 220,000 of these new viruses trying to infect mail servers.


Ransomware viruses have different names, such as Reveton or Crypto Locker and they attempt to extort money from victims by encrypting or blocking access to every file on their computer without their knowledge, then demanding a ransom in order to undo the damage.

Most of us have seen the emails come through allegedly from a bank or building society claiming your account has been put on hold and to fill out the form in the zipped attachment to get it unlocked again. However the new strain of ransomware trojans have evolved pretending to come from a trusted source, club, organisation or companies such as EasyJet, Virgin Media, HMRC, AVG and even Amazon. But all are easily distinguishable as being fraudulent by the attached zip file.

When the zip file is activated, the virus installs itself onto that machine and looks for any network shares and then overwrites all the documents and files using cryptography and scrambling all the data. It will add itself into the registry so that it loads automatically every time you start Windows and logon.

Although the most common form of infection is via a zip file, we have seen first-hand that links are being sent or embedded into html files, sent to free accounts such as Tesco, Hotmail and Virgin. Unfortunately these emails require no user intervention.

When active, the virus hides itself and attacks all the files accessible to the user. Once completed, up to 48 hours later, a window pops up, either a big red box demanding you send money, in a limited amount of time, after which you will receive a key to unlock your files or you get a screen advising you that the computer has been blocked and that you have 48 hours to pay the fine. Your computer and data are effectively being held to ransom.

Investigation into these emails indicate they originate from overseas, and paying the fee gives no guarantee that you will in fact get a key to release your files. In fact we would advise against this. Once you’ve given your credit card details to cyber criminals, your problems are going to continue. A criminal can either sell your credit card number or use it fraudulently themselves.

So how can you prevent this? How can you protect yourself?
Your two biggest weapons are Awareness and common sense.

  • Be careful what web sites you visit, what links you click. Stick with trusted sites with good security.
  • Never respond to online solicitations.
  • Never pay a ransom. Report it to the authorities and use a professional to remove the software.
  • If you receive an email from an unknown source, forward it to and then delete it.
  • Never click on a zip file unless it’s from a trusted source and you were expecting it.
  • Make people aware of the potential threat, family, work colleagues and friends.
  • Make sure your anti-virus is up to date and running properly on your computer.
  • Regularly inspect your computer for malware and run antivirus scans.
  • Ensure you have regular and multiple backups of your data.
  • Stay patched. Keep your operating system and all your software up to date.

Prevention is far better than cure as the only cure is to wipe the infected machine and reload all the data from backups.

If you receive an email you are unsure about simply email it to and we will let you know if it is clean or a virus. For more information, talk to our security team on 0845 8620066.