New malware has appeared that takes advantage of the 2016 presidential elections in the US. The virus displays a fraudulent lock-screen message that claims to originate from the CIA. The message presents the malware as a legitimate program meant to make sure nobody cheats during the 2016 election, and states that its purpose is human verification, completed by paying a hefty sum of $50 via PaySafeCard. Anyone who came across the message from the picture above should immediately remove this malware from their computer by reading the information in this article.
Images Source: Michael Gillespie on Twitter
Official CIA Election AntiCheat Control
|Short Description||The malware displays a fake message that prompts victims to verify that they are human by paying $50 to a PaySafeCard account.|
|Symptoms||The user may witness the images of Donald Trump and Hillary Clinton along with a long note which aims to rope them into falling for this scam.|
How Is CIA Election AntiCheat Malware Spread?
CIA Election AntiCheat malware may arrive either as malicious files or as malicious web links leading to such files. These objects may be distributed in several different ways, the primary of which is believed to be massive e-mail spam campaigns undertaken by cyber-criminals. Such spam campaigns are often run through spam bots or by external spammers whose services may have been hired by those behind the CIA Election AntiCheat malware. In addition, CIA Election AntiCheat is believed to spread through other channels, such as social media websites or file-sharing services.
CIA Election Control Malware – More Information
This virus is both old and new. It is old because it relies on a tactic that is well known from most police ransomware viruses, which are combined with a lock-screen message, and this is nothing revolutionary.
Even the police message aims to induce fear in the average user (voter) just like FBI ransomware variants do:
What is new in this malware, however, is that it uses PaySafeCard for its payment, which is not typical for most lock-screen viruses, as they use Bitcoin.
The virus is even pre-programmed to scan for a valid PaySafeCard code:
After this is performed, the virus displays a message that states whether the PaySafeCard payment is complete or there is an error, and if there is an error, it even displays what that error is:
These types of cheap lock-screen scams are nothing new, and malware researchers strongly advise users who have been affected not to pay any type of ransom fee, because there is no such thing as a CIA AntiCheat Control for the American people. Instead, we urge you to remove this virus from your computer completely.
Removing CIA Election Control Malware Safely
You can go hunting for the malicious files that the malware has created by following the manual instructions in our article and looking for files with commonly generated malicious names in the often-targeted Windows folders:
Another, safer and more effective strategy is to boot your computer in Safe Mode to isolate CIA Election Control malware and scan it with an advanced anti-malware program, which should make sure that the virus's files, as well as the registry subkeys and value strings it has modified or created, are automatically and fully removed. You may find instructions for this below.