Garda Malware Virus
Ransomware is a form of malware that, after infecting your computer, attempts to hold it and your files hostage, demanding money to release them. We came across this virus on a laptop that was handed in to our IT Support desk. Needless to say, the system was not protected by our recommended internet security solution, ESET Antivirus.
What does it look like?
This nasty little program claims to be from An Garda Síochána. It lists a host of reasons why the Gardaí might have locked your computer screen. The aim is to create panic, making the user worry about which websites they may have visited, or perhaps what others would think they had been up to.
In the latter case, it’s easy to understand why someone would actually pay the so-called “An Garda Siochana”. A naive web user would see the words “child pornography” on their screen and immediately set about removing the message as secretly as possible. The goal is to scare you into paying a “fine”, essentially holding you to ransom, which is extortion in its purest form.
What does it do?
The virus locks the screen so that the message shown in the screenshot above is the only thing the user can interact with. On the right of the screen it explains that you can purchase a code to unlock your system, and that’s where this becomes profitable for the attacker. If only a small fraction of people pay up, that can mean big business for criminals. In 2010, the Win-Lock ransomware, which demanded US$10 to remove a pornographic screen, reportedly earned its creators over US$16 million.
This virus is a variant of other so-called “Police Viruses”. In this case, the attackers have customised the virus for Irish web users, but the same virus is attacking worldwide, impersonating the national police force of whichever country the victim is in.
What should I do?
Let’s talk first about what not to do. Do not pay any fines. This is the official word from An Garda Síochána themselves. You probably won’t be able to install an antivirus program after infection, as the virus will block all attempts to adjust the system through normal means.
In the case of our customer’s laptop, we removed the infected hard drive and ran an ESET Antivirus sweep on it from a clean computer. ESET had no issue removing the virus and returning the drive to health.
How do I prevent a future attack?
Even the most careful of internet users will at some stage be the victim of a virus attack. By now you have probably guessed that we recommend ESET Antivirus as your internet security software of choice. If you are interested in purchasing ESET for your business, please contact us today.