The German Federal Police (BKA) warns about a computer virus that accuses victims of viewing “juvenile pornography”. The Windows virus locks a computer and only returns control to its owner on payment of a 100 euro fine, via UKASH or PAYSAFECARD.
BKA Trojaner klein
The ransomware version found by the BKA uses a pop-up window that says the machine has been locked down due to “unauthorised network activity”. The window is crafted to look like it has been put together by Germany’s Federal Office for Information Security (BSI) and its society for prosecution of copyright infringement (GVU).
‘Emotional blackmail’
Text in the window claims that images of child sexual abuse as well as pirated content have been found on the machine. Also displayed is a picture of a child which it claims reveals illegal images have been viewed. Germany’s BKA said users should not pay the fine “under any circumstances” and added that neither the BSI or GVU collected cash in this way from those suspected of viewing illegal images or pirating content.
Suggestion of the “German Anti-Botnet Advisory Center”:
If ‘police-themed’ ransomware is installed on the system, it can be removed using a downloadable removal tool. In most cases, the botfrei.de Edition of HitmanPro (multilingual) is able to remove the ransomware, restoring normal access to the system. For all others, the experts provide individual help.
The tool scans and cleans computers before they have been booted completely. This is especially important, as police trojans and its like prevent the computer from booting. The tool can be placed on a USB storage device, scanning the computer for malware before booting is completed.

YouTube

By loading the video, you agree to YouTube's privacy policy.
Learn more

Load video


It is available for Windows and can be used free of charge for a period of 30 days after download.
After having disinfected your computer, please check your browser’s security: https://botfrei.de/en/browsercheck/ and to perform a full system scan with a professional and up-to-date AV product, such as Malwarebytes Anti-Malware or HitmanPro. We suggest to do this on a regular basis.

  • DO NOT pay the ‘fine’ (ransom) demanded – in most cases, payment still does not restore normal use
  • DO report the incident to the police
  • If full disinfection is not possible, consider reverting the system to the last saved configuration with System Restore, or reformating/reinstalling it from backed up files
  • Manual disinfection is a risky process; it is recommended only for advanced users. Please seek professional technical assistance.