WinLock: a Windows operation locker


WinLock is a family of computer viruses that interfere with computer operation and demand a monetary payment to the author.

WinLock is a separate family of malware. This type of program has no self-replication function, which is what characterizes the virus family. It also lacks the ability to conceal its activity that is typical of Trojans. On the contrary, WinLock does not hide itself; it blocks the PC's operation and extorts money.

The history of the Windows blocker
The first copies of WinLock appeared in 2008. At first, to unlock the PC you had to top up your cell phone account. After that, a couple of blockers appeared which required you to send a text message to a short code (collusion with dishonest short code operators was evident).

At present, the majority of Windows blockers (that's how users nicknamed them) require the victim to transfer money to a WebMoney account via a quick pay machine (I-box, Citypay).

In the past, the user could get the cherished computer unlock code by depositing money into the mobile account of a fraudster, or by sending an expensive SMS message. At the moment, almost all blockers require a wire transfer to a WM account, claiming that the unlock code will be printed on the receipt issued by the terminal.

Of course, this cannot be true. In our practice there were clients who transferred money several times believing that the first unlock code was not printed by mistake. In particularly anecdotal cases, after several unsuccessful attempts to find the unlock code, the affected client called the payment terminal’s technical support, making a complaint.

How WinLock works
The pretexts under which payment is demanded:
Penalty for using unlicensed software. The authors of these viruses live "near us" and are well aware of the fact that unlicensed software is widely used on home computers.
Penalty for violating the rules of Internet use, or anything else.
Penalty for viewing pornographic materials. The WinLock authors are not ashamed to name child pornography or zoophilia as the videos watched.

Almost all versions of WinLock threaten to delete all information or crash the computer if the user tries to remove the virus from the PC without paying.

Especially anecdotal is the case when the user is accused of viewing pornography and threatened with having all data deleted from the PC and the case turned over to the police in case of non-payment. There are two inconsistencies here at once. Firstly, if the case is handed over to the police, then why destroy the evidence (i.e. erase everything from the PC)? Secondly, the authors of these kinds of programs could themselves be handed over to the police for fraud and for creating malicious computer programs.

How not to get infected?
So, how to avoid getting infected:

Use fresh software. This includes both an operating system with the latest updates and the latest version of your Internet browser. If your OS is outdated, this is where Windows installation comes in.
Have an anti-virus program with up-to-date anti-virus databases.
Observe the elementary rules of safety on the Internet. Do not visit questionable sites, and do not download and run the programs offered there.

Windows is blocked and what to do about it now?
If you have already been infected:

DON'T pay the swindlers under any circumstances. Firstly, it is useless. Your computer will not get unlocked anyway. Secondly, you would be supporting the creation of future versions of WinLock, which you will suffer from in the future.
Don't believe the promises to destroy all the data, to break the computer, to overthrow the government or to get Tymoshenko out of the detention center. WinLock does not do any destructive activities. After all, if it did destroy your data, you would not pay. And this is exactly what the author does not need.