WinLock: Windows Blocker
WinLock is a family of computer viruses that interfere with the operation of a computer and require a cash payment in favor of the author.
WinLock is a separate family of malware. This type of program does not have the reproduction function, which is characteristic of the virus software family. It also lacks the ability to hide its activities, characteristic of trojans. On the contrary, WinLock does not hide, but blocks the PC, extorting money.
Winlock Windows Blocker Sample
Windows Blocker History
The first copies of WinLock’s appeared in 2008. First, to unlock the PC, it was necessary to replenish the account of a mobile phone. After that, there were instances requiring sending SMS to a short number (there is a conspiracy with dishonest operators of short numbers).
At the moment, most Windows blockers (that’s what users called them) require you to transfer money to your WebMoney account through a quick payment machine (I-box, Citypay).
It is sad that earlier the user could receive the coveted computer unlock code by replenishing a mobile account for scammers, or by sending an expensive SMS. At the moment, almost all blockers require money to be transferred to a WM account, claiming that the unlock code will be printed on the check issued by the terminal.
Of course, this cannot be true. In our practice, there were clients who transferred money several times, believing that the first time the unlock code was not printed by mistake. In especially anecdotal cases, after several unsuccessful attempts to find the unlock code, the injured client called technical support for the payment terminal, making a complaint to them.
WinLock example 2
How WinLock Works
The prepositions under which it is proposed to pay:
Fine for using unlicensed software. The authors of these viruses live “next to us” and are well aware that unlicensed software is massively used on home computers.
Penalty for violation of the use of the Internet or anything else.
Fine for watching pornographic material. Moreover, WinLock’s authors do not hesitate to indicate child pornography or bestiality as viewed videos.
Almost all versions of WinLock threaten to delete all information or break the computer if the user tries to remove the virus from the PC without paying.
Especially anecdotal is the case when a user is accused of viewing pornography, threatening, in the absence of payment, to delete all data from the PC and transfer the case to the police. There are two inconsistencies here. If you transfer the case to the police, then why destroy the evidence (that is, erase everything from the PC). Second: for the creation of such programs, the authors themselves could just as well have been transferred to the police for fraud and the creation of malicious computer programs.
How not to get infected?
So, how to avoid infection:
Use the latest software. This includes both the operating system with the latest updates and the latest version of the Internet browser. If your OS is out of date, install Windows here.
The presence of an anti-virus program with the latest version of anti-virus databases.
Observe basic safety rules on the Internet. Do not visit dubious sites, do not download or run the programs offered there.
Windows is locked and now what to do with it?
If you have already become infected:
In no case do not pay fraudsters. Firstly, it is useless. The computer still does not unlock. Secondly, support the creation of future versions of WinLock, which you will suffer in the future.
Do not believe the promises to destroy all the data, break the computer, overthrow the government or pull Tymoshenko out of the pre-trial detention center. WinLock does not commit destructive activity. After all, if he nevertheless destroys your data – you will not pay.