'LOCKED ON POSSESSION OF COPYRIGHTED MATERIAL' Ransomware
There is always a risk of downloading copyrighted material. Outside of the obvious legal risks of torrenting, torrents constitute a significant source of ransomware and viruses. Hackers either include malware in their cracking programs or disguise viruses as copyrighted material. The LOCKED ON POSSESSION OF COPYRIGHTED MATERIAL ransomware, contrary to the name, can still find ways to infect people who never download copyrighted material.
What is LOCKED ON POSSESSION OF COPYRIGHTED MATERIAL Ransomware?
The LOCKED ON POSSESSION OF COPYRIGHTED MATERIAL ransomware is a virus program that falls under the category of ransomware. The virus has very little to do with actual copyright infringement. The name is just a scare tactic to trick people into paying the ransom demand. The malware encrypts data and requests payment for decryption, just like other ransomware. The virus changes the name of all infected files during this encryption process, changing their file extension to “.LOCKED” to make them inaccessible. The ransom note, called “README TO UNLOCK.txt,” appears in folders with infected files and on the desktop.
Your files are locked and encrypted with a unique RSA-1024 key!
To regain access you have to obtain the private key (password).
++++++++++++++++++++
To receive your private key (password):
Go to hxxp://u5ubeuzamg54x5f3.onion.to and follow the instructions.
You will receive your private key (password) within 24 hours.
Your ID# is -If you can't find the page, install the Tor browser (hxxps://www.torproject.org/projects/torbrowser.html.en) and browse to
hxxp://u5ubeuzamg54x5f3.onion
++++++++++++++++++++
BEWARE - this is NOT a virus.
The ONLY way to unlock your files/data is to obtain your private key (password) or you may consider all your data lost.
You have just 5 days before the private key (password) is deleted from our server, leaving your data irrevocably broken.
++++++++++++++++++++
LOCKED ON POSSESSION OF COPYRIGHTED MATERIAL AND SUSPICION OF (CHILD)PORNOGRAPHIC MATERIAL.
The ransom note makes some allusions to the computer being locked on suspicion of possession of copyrighted material or child pornography. Outside of that, the ransom note doesn’t appear to be a message from an official law enforcement agency. The ransomware is not connected to the authorities in any way at all, as said by the note itself.
The note informs the victim that their files have been encrypted with the RSA-1024 cryptographic algorithm. The only way to unlock the data is by acquiring a decryption key from the attacker behind the ransomware. Victims are told to visit the website in the note to get further instructions on how they can recover their data.
Victims are also told that they only have five days to connect with attackers and get their decryption key. The key is deleted after five days, and it becomes impossible to decrypt the data. Unfortunately, it is almost always impossible to decrypt data in a ransomware attack without help from the criminals. It may be possible for security experts to create a public decryption key, but only in cases where the virus isn’t advanced or has flaws that can be exploited.
Even so, ransomware victims must never give in to the demands of the attacker. The only way to decrypt data is indeed with a private decryption key held by the attacker. However, it is also true that they are under no real obligation to hand over the key once they get their payment. It is likely that they will keep the key to themselves and steal your money as well as your data. Your best option, when faced with ransomware, is to remove the virus from your computer and then restore missing data with a backup.
Keep in mind that being infected with this virus is by no means an accusation that you actually have copyrighted materials or child exploitation on your computer. This accusation is just a scare tactic used by the attackers to make victims afraid to seek help. Victims may be afraid that the real authorities won’t see them as being innocent, so they pay the ransom to avoid having to deal with potential problems. Do not hesitate to contact the proper authorities if you are hit with ransomware, no matter what the note suggests. Authorities will be able to see that you do not, in fact, possess the materials the message accuses you of having.
How to Protect Against Ransomware Attacks
One of the most important things you can do to protect against malicious programs is not to download and install software through unofficial websites and installers, third-party downloaders, and peer-to-peer networks such as torrent sites. You should always use official channels to get your software and avoid using pirated software. Illegal software is packed with “cracks” that activate the software. More often than not, these tools install malware instead of, or along with, activating the software. Programs and operating systems should be updated whenever possible, but make sure these updates come from official channels.
You should avoid interacting with website links and attachments in emails sent from suspicious and unknown addresses. There is the chance that these emails have been sent by cybercriminals to spread their malicious programs and catch you in a trap.
Last but not least, you should keep an antivirus program on your computer. Make sure this program is updated regularly with all the latest virus databases, detection, and removal methods. Be sure to run a virus scan regularly to detect infections like ViluciWare to keep your computer safe.
