In his more than 20 years of fixing PCs, John Phelan has dealt with hundreds of computer viruses.
“But this is the worst,” he said of the one he saw for the first time Thursday.
He was surprised when a frantic mother brought in a laptop that had been “blocked,” seemingly by the U.S. Department of Homeland Security, supposedly for illegal activity, or cybercrime, done by users of the family computer.
A commanding voice on the computer said, “Your PC is blocked. To unblock the computer, you must pay a fine of $300 through MoneyPak.”
The bogus reasons given for the department purportedly taking the computer hostage are using, distributing or sharing child pornography, copyrighted files, or unlicensed software. The fraudulent claims are all part of the so-called “ransomware” virus that seeks money from its unsuspecting victims.
“This is not good,” Phelan said. “I’m sure it must scare the bejesus out of people.”
What made the virus particularly alarming was that the pop-up screen for the scam included a picture of the customer’s son in the right-hand corner, unknowingly shot by the PC’s built-in camera, and it listed the city and state he lived in, the IP address and other details about the home computer, including the name of the operating system, Phelan said.
“It kind of makes the public aware that there are people watching and listening to you at any time,” he said.
The pop-up screen shows the logos of other agencies, including the U.S. Department of Treasury, the Global Illicit Financial Team and the U.S. Department of Justice, making it look even more official.
Victims of the scam are told they have 48 hours to pay the fine, or they will “become the subject of criminal prosecution without the right to pay the fine.”
“The Department for the Fight Against Cyberactivity will confiscate your computer and take you to court,” the screen warns.
The screen tells users that all their files, videos, photos and documents will be deleted if they attempt to unlock their own computers, which will lead to the “full formatting of the operating system.”
Victims are given three steps to pay their fine online: Take cash to the store to buy a MoneyPak, purchase the MoneyPak, then enter the code from the MoneyPak on the computer.
A handful of retailers are listed, including Wal-Mart, Kmart, 7-Eleven and CVS, where MoneyPak cards can be purchased. The prepaid cards are used like debit or credit cards, but they’re not linked to bank accounts.
The debilitating virus can get on the computer in several ways, from spam email to questionable websites. Anti-virus software, such as Norton, can help protect computers, Phelan said.
This type of virus isn’t new. It’s similar to one known as the FBI virus, which has been around for a few years.
Lt. Chad Parker, with the Collier County Sheriff’s Financial Crimes Bureau, said one victim brought in his laptop to show detectives what it looked like and it looked authentic, like it could have come from the FBI.
“I don’t know if we’ve had anyone fall victim to it, as far as anyone providing the money,” he said. “We had two cases of it, and that was probably four or five months ago.”
He recommends victims seek the help of professionals in removing the virus to ensure it’s gone and doesn’t continue running behind the scenes.
He described the virus as the “screen of death.”
“Nothing else is going to operate until you get that virus removed,” he said.
Removing the Homeland Security virus on Thursday took Phelan a few hours, costing the customer about $130. It’s the first time he’s seen a virus that involved taking a user’s picture.
“It’s a much more involved virus now,” he said. “It’s really morphed into this. The shocking thing is that it’s just going to get worse.”