When it comes to innovation, cyber-criminals have no borders, or that’s what we believe after analyzing this piece of multi-language malware detected as Trojan.Ransom.IcePol.The ransomware adds itself to the Startup Registry key in order to ensure persistence after every reboot. As soon as the computer starts, the screen gets locked and displays a message in the user’s language, if the user is located in a country that speaks one of 25 languages. The message states that the computer got locked as suspicious activity (download of copyrighted material or of “illegal pornography”) was detected. Of course, the system can be unlocked by paying a ransom, euphemistically described as “fine”.
If you have become infected with this ransomware Trojan, use a working computer to download the Bitdefender removal tool.
- Copy it on a flash drive then boot the affected computer in Safe Mode with Command Prompt. This is extremely important as your desktop is locked by the malware.
- Use the command prompt to launch the removal tool from the removable medium and run it. The scanning process is extremely targeted to the specific areas of the system which are affected by this particular e-threat, so the whole process should only take between five and ten seconds.
- Reboot the computer and start it normally. Your desktop should now be unlocked.
Leave a reply