They find their screen frozen with an alarming note from what appears to be a government agency claiming they've accessed child pornography or committed other crimes and demanding money to unlock their machines.
If they fail to pay, the note warns, the authorities will lock them up next.
"It's probably the number one, end-user cybercrime now," said
Experts say the risk of getting infected with "ransomware" can be minimized by making sure all of your software -- including your antivirus programs -- are updated regularly, not opening spam or email attachments from people you don't know and avoiding suspicious-looking websites.
Also, clip out the accompanying tips from
If that doesn't work, you may have to wipe the computer completely clean and reinstall your files afterward. That assumes you have previously "backed-up" or stored those files on a USB device, websiste service or some other way. If you haven't, your photos, financial records and other documents could be lost.
Windows-based computers often come with a recovery CD for restoring the operating system and other pre-loaded software. But restoring files can be complicated and people who aren't tech savvy may need to get help from a computer-repair store or other experts.
"It's a nasty type of malware," concluded Andreas Baumhof, chief technology officer at San Jose security company
Although the money-extorting scheme has been around for years, it gained notoriety in 2005, when Russian crooks began using it. Since then, it has evolved to become one of the world's most pervasive and aggravating cyber schemes.
At least 16 variations of the scam have been documented. A typical version freezes the victim's computer with a message bearing an official-looking
In earlier versions, victims were told to pay the ransom by sending a premium-rate text message, which was charged to their phone bill. More recently, crooks have demanded payment via prepaid electronic systems such as MoneyPak. Those are sold for cash in stores and provide coded numbers used to pay bills online.
"A conservative estimate is that over
Experts generally advise against paying the ransom, because there's no guarantee the crooks will ever unfreeze the computer. If you do pay, said
ten Steps for removing ransomware
Here's how to use a free
1. If the computer is Internet connected, shut it off by holding down the power button for about 10 seconds.
2. Turn it back on while repeatedly tapping the F8 key.
3. When it brings up the "advanced boot options," use the down arrow to select "safe mode with networking" and hit "enter." You should see a screen that says "safe mode."
4. Open a browser -- such as Google Chrome, Mozilla Firefox or Internet Explorer -- and go to www.norton.com/npe
5. Click the button to download the Norton Power Eraser, save it to your desktop and double-click the icon to run the file.
6. After reading the user license and clicking "agree," click "scan for risks."
7. As Power Eraser restarts the computer, repeatedly hit the F8 button and again select safe mode with networking.
8. Click "run" so Power Eraser can scan for the virus.
9. Once it finishes, you'll see "scan complete" in a window with the results. Then click the "fix" button.
10. Click "restart" to reboot the computer again. You should see a confirmation that threat has been removed.
(c)2013 the San Jose Mercury News (San Jose, Calif.)
Visit the San Jose Mercury News (San Jose, Calif.) at www.mercurynews.com
Distributed by MCT Information Services