Ransom Demands Accompany Fake Anti-Virus Malware

This in via PC World:  Fake anti-virus product Total Security, once installed, will disable all applications except the browser, claiming the computer is “infected” and keep the computer frozen until the owner pays for their “fix.”   This works by disabling your actual security product, and then reinstalling itself in a slightly different form when you attempt to remove it using traditional means.  Read the full story on the PC World link above.

The best defense I’ve found against the Fake AV exploit is this:  when you start to get the pop up flood of “your computer is infected” messages, immediately disconnect your computer from the Internet, either by disconnecting your Ethernet (network) cable, or by turning off the power to your cable or DSL modem.  These attacks rely on your Internet connection to add new capabilities to their initial attack, and disconnecting early may allow your real security product a chance to remove the initial infection successfully.

When this doesn’t work, the best course of action is to take your PC to a qualified computer support professional.  But be prepared, to successfully remove this malware may require a full reinstallation of the operating system and all programs. 


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.