SOPA reincarnates to hold your computer hostage


Summary: We all thought SOPA was dead, but new ransomware claims differently. Want your computer back? You'll pay the SOPA fee.


SOPA. The dearly-beloved anti-piracy bill was rightfully quashed before it could rear its ugly head and be signed into U.S. law. It only took months of worldwide protests, tech media outrage, site blackouts and the occasional satirical video or two.

A huge sigh of relief spread through the technology community when the bill was discarded -- at least for the moment. However, enterprising virus developers have piggybacked on the fear that copyright infringement and court cases produce in the general public -- using the recognizable SOPA branding to lure victims into parting with their hard-earned cash.

The so-called SOPA cryptovirus, which warns users that their IP address is on a copyright infringement blacklist, has been discovered. The 'ransomware' holds a computer hostage, warning that unless the victim hands over money, data will be wiped. U.S. and Canadian victims have to pay via a MoneyPak prepaid voucher, whereas others have to use Western Union.

Once accused of distributing illegal files, infected users are told they must pay $200 within three days.


The warning screen above says:

If you see a warning.txt or warning screen, it means your IP address was included in S.O.P.A. Black List. One or more of the following items were made from your PC:

1. Downloading or distributing audio or video files protected by Copyright Law.

2. Downloading or distributing illegal content (child porn, phishing software, etc.)

3. Downloading or distributing Software protected by Copyright Law.

As a result of these infringements based on Stop Online Piracy Act (H.R. 3261) your PC and files are now blocked.

Of course, ransomware demands must be ignored. As Sophos' Naked Security points out, simply searching for "Stop Online Piracy Automatic Protection System Removal" will get your data back, without spending a penny. However, something that surprised them was the inclusion of a decryption test service. Sophos' Chester Wisniewski says that "If you are willing to mail off one of your encrypted documents with your unique ID number the criminals will decrypt it for you to demonstrate they do in fact possess the keys."

In the same way that phishing emails often appeal to a victim's emotions or expectations of a future event -- consider the tax rebate, student loan company mistakes or banking communications we receive on a daily basis -- it seems that virus makers are also jumping on the social engineering wagon. In both cases, taking a step back and doing your research online before giving out sensitive information or banking details is always the best course of action.

Image credit: Sophos

  • Just like the FBI Moneypak Virus, Several ways to defeat this

    I have been able to manually defeat the FBI MoneyPak virus, which I'm pretty sure this mimics (even by the looks). Depending on which variant it is, just disconnect from wifi or ethernet, reboot in safe mode. Go to control panel>folder options and uncheck hide hidden or system folders. Next, go to users>(your user name)> and look at file dates; they are typically a few hundred k and will be a .exe file. Delete these and empty the recycle bin. Other variants will hide in Users>(your user name)>AppData>local or AppData>roaming. The newest variant of the MoneyPak hides in the windows folder with a few planted in the Users folder for redundancy. Another way, if you have multiple users on your system, is to log in as the infected user, switch users after the MoneyPak/SOPA nag appears, open task manager, show processes for all users and look for the oddly named running process. The newest MoneyPak's process is hidden. Once detected, delete, make SURE you empty the recycle bin and reboot.
    • Yeah...

      This defines the majority of virii back in the mid 90's, nothing new. I was pumping out worse on my PC at age 15, I even loaded one onto my school lol, but it's easy as that and just as easy to avoid.
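
The manual check described in the first comment above (recent, small .exe files in the user profile, AppData\Local and AppData\Roaming), written as a read-only PowerShell listing. This is an added example, not part of the article or any commenter's post; the 14-day window, the 2 MB size ceiling and the parameter names are assumptions.

```powershell
# Added triage example; not from the article or its comments.
param(
    [string]$ProfilePath = $env:USERPROFILE,  # assumption: run as the affected user
    [int]$Days = 14,                          # assumed look-back window
    [long]$MaxBytes = 2MB                     # assumed ceiling for "a few hundred k"
)

$cutoff = (Get-Date).AddDays(-$Days)

# Profile root: top level only. AppData\Local and AppData\Roaming: recursive.
$targets = @(
    @{ LiteralPath = $ProfilePath },
    @{ LiteralPath = (Join-Path $ProfilePath 'AppData\Local');   Recurse = $true },
    @{ LiteralPath = (Join-Path $ProfilePath 'AppData\Roaming'); Recurse = $true }
)

$hits = foreach ($t in $targets) {
    if (-not (Test-Path -LiteralPath $t.LiteralPath)) { continue }
    # -Force includes hidden and system files, so Explorer settings need not change.
    Get-ChildItem @t -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Length -le $MaxBytes -and
            ($_.CreationTime -ge $cutoff -or $_.LastWriteTime -ge $cutoff)
        }
}

# Report only; nothing is deleted or modified.
$hits | ForEach-Object {
    [pscustomobject]@{
        Created   = $_.CreationTime
        KB        = [math]::Round($_.Length / 1KB)
        Hidden    = $_.Attributes.HasFlag([IO.FileAttributes]::Hidden)
        Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
        SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        Path      = $_.FullName
    }
} | Sort-Object Created -Descending | Format-List
```

Legitimate software also installs per-user executables under AppData, so the Signature and Hidden columns are there to help separate unsigned, hidden, recently created files from ordinary updaters before anything is removed.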
  • All virus writers should be executed!

    No questions asked. No appeals or other legal BS. Just hang them!
  • Ukash

    Very similar to the Ukash. They want £100 and they have a Metropolitan Police logo on the page.
    Luckily Malware site has good info on how to get rid of it.

    • Ukash is regional

      They seem to be able to use your IP address to identify where you are in the UK and display the police logo from the appropriate region. I've had a few students in a panic when they've had the West Yorkshire Police warning message turn up on laptops loaned from college...
  • As Always

    Be self aware of your online security and none of this BS will ever happen to you.
  • SOPA ??? What's a SOPA ??? lol

    After being online for over 30 years, I have just about seen it all. I must say that with new tech comes new more colorful artwork. Even bolder cyber maggots crawling around sucking up our hard earned cash have gotten more annoying. So what are we supposed to do? No matter what kind of security features we pay for there are new edge viruses out there that cut them to pieces. The problem I have with that is, they and technology leaps keep filling up our landfills. Personally I have the knowledge to build but in all my years have never bothered. Why? ...because I despise people who waste valuable education on causing harm. If you think about it, the game of cat and mouse is being played out between builders... Malware vs Security. So what is really going on here? Is it the Hackers, Government or the Spies that we need to address? Surely in this day and age security builders could form a group and build 1 platformed end all product? Just like the bad guys are doing now to protect themselves from being detected. I have run into Malware junk that trashes every security fix made. Come on guys, enough is enough, either make all the security/Malware fighters free or at least build a non hackable functional product so us lil guys can finally enjoy life online. (That doesn't break the bank)
  • Restore Point required

    The other day a neighbor had this on his computer. It really locked things up and disabled a lot of functions I would use to clean it up. I ended up using MSCONFIG to boot in "diagnostic mode". From there I was able to load a restore point from a couple of days prior. That resolved the issue.

    Hank Arnold (MVP)
  • Very dangerous

    Especially when some virus should activate this in one way or another...