What is the “ransomware detected” pop-up?
Has an unfamiliar pop-up appeared in your browser? Spread by adware, the “ransomware detected” pop-up and other fake pop-ups are used by cybercriminals to commit fraud.
This article teaches you how to identify and remove fake pop-ups. Read on as we explore:
- What fake pop-ups are
- How pop-up scams work
- Ways to identify fake pop-ups
- How to remove fake pop-ups
- Different types of fake pop-ups
- Protecting against pop-up scams
- How to prevent fake pop-ups
What are fake pop-ups?
Pop-ups are generated by websites to offer users additional information or guidance (such as how to fill in a form, how to apply a discount code, etc.) However, some can be unwanted or even harmful — these are usually fake pop-ups. In fact, some fake pop-ups are designed to entice you into clicking on a button that redirects you to a fake site. Some pop-ups may also be installed by adware or malware programs.
So, what is the “ransomware detected” pop-up? Like other fake pop-ups, this pop-up displays a false security warning as part of a pop-up scam. Fake pop-ups may appear in your browser (if your browser is redirected by adware) or they may be produced by adware or malware programs installed on your computer.
Adware is something that you may have downloaded accidentally, possibly by clicking on a malicious advert by mistake. Alternatively, adware may have infected your computer through a link in a spam email or an attachment that you opened. Once on your computer, adware automatically displays pop-ups in your browser when you are online. The “ransomware detected” pop-up is one of many fake pop-ups that can trigger malicious advertising.
The message displayed on the “ransomware detected” pop-up may appear similar to this:
Error #268D3 (Unauthorized access)
Russia, China, Vietnam
1) Facebook Logins
2) Credit Card Detail
3) Email Account login
Do Not Shut down or Reset Your Computer, Call Security Expert & Scan Your Device & Network Now.
The server reports that it is from Internet Security Damaged !!! WannaCry Ransomware Threat Detected !! Call Microsoft Help Desk: (TOLL-FREE) for Free Checkup.
Warning: Your username and password will be sent using basic authentication on a connection that isn’t secure.
If you spot this message, this a fake-pop up and is part of a pop-up scam. Do not respond to it. Instead, follow the adware and fake pop-up removal process outlined in this article.
How do pop-up scams work?
Fake pop-ups, like the “ransomware detected” pop-up, tell users that there is a security threat or technical problem with their computer. They instruct users to call a telephone number specified on the pop-up in order to pay for technical support to resolve this threat.
Cybercriminals use these pop-up scams to make money. They prey on concerned users who want to ensure their computer is secure, extorting money from them to fix problems and resolve threats that do not exist.
To learn more about how pop-up and tech support scams work, read our article on Tech Support Scams.
How to identify fake pop-ups
Now you understand what pop-up scams are, let’s discuss how to spot them. Here are a few ways to identify a fake pop-up:
1) Look for spelling mistakes and unprofessional images
To identify a fake pop-up, look closely at the information being displayed in the pop-up. Are there any spelling mistakes? Do the images look professional?
Poor spelling and grammar and unprofessional imagery suggest that a pop-up is fake.
2) Compare the pop-up to a legitimate notification
Fake pop-ups may claim to be from your internet security provider. It is important to be able to differentiate legitimate notifications from fake pop-ups.
Familiarize yourself with how legitimate notifications (from the internet security or anti-virus software you use) normally appear. If you use Kaspersky Internet Security, this is how security notifications from us appear.
Getting familiar with how legitimate notifications appear will help you spot a fake pop-up.
If you’re in any doubt, ignore the pop-up and scan your computer using your Internet security product.
3) Try to close your browser
Fake pop-ups may cause your browser to switch to full screen mode. If your browser is on full screen mode and you see a suspicious pop-up, try to minimize or close your browser.
If you are unable to minimize or close your browser, it is likely that the pop-up you are seeing is a scam. Be careful when trying to close or minimize the pop up itself: the minimize and close buttons usually aren’t real. They’re just images of real buttons on a button and by clicking on them you are responding to the pop-up.
4) Verify the phone number
Most fake pop-ups give a phone number and instruct you to call it to resolve a security threat. If the pop-up claims to be from your internet security provider, check the phone number given against the number on the official website.
Another way to verify a phone number is to type it into your search engine. Legitimate company phone numbers can be verified this way. If you cannot find the company the phone number is attributed to, it is likely to be a scam.
5) Remember: we will not demand you call us
While your internet security provider may offer technical support over the phone, they will not demand that you call them — especially not via a pop-up.
Your anti-virus or internet security software does not require you to call anyone in order to work. Threats are normally resolved within the software itself.
If a pop-up is demanding that you call a number in order to resolve a security threat or fix a technical issue, it is likely to be a pop-up scam.
How to remove fake pop-ups
This section explores how to remove tech support scam pop-ups from your browser. If you spot a fake pop-up, you can easily remove it using Kaspersky Anti-Virus.
First, you need to close your browser. If the “ransomware detected” pop-up or another fake pop-up has locked your browser on full screen mode, close your browser using ‘Task manager’.
Click Ctrl+Alt+Del and select ‘Task manager’. Highlight your browser from the list and left click on it. Then, click ‘End task’ to close your browser. When you reopen your browser, ensure that it is set to block pop-up windows and not reopen the last opened page.
To remove the adware causing the “ransomware detected” pop-up and other fake pop-ups to appear in your browser, follow these 10 simple steps:
- Download and install Kaspersky Anti-Virus
- Disconnect from internet to prevent further interference from the adware
- Reboot your computer into
- Delete any temporary files using ‘Disk clean up’
- Run the on-demand scan in Kaspersky Anti-Virus
- If adware is found, delete or quarantine the file
- Reboot your computer
- Change passwords that you think have been compromised
- Update your software, browser, and operating system
- Rescan your computer to check no further threats
Different types of fake pop-ups
The “ransomware detected” pop-up is one type of fake pop-up. Other fake pop-ups that cybercriminals use as part of pop-up scams include:
“AppleCare renewal” pop-up: This is a pop-up scam that affects Mac users. The fake pop-up tells users there is a problem with their device and to call Apple support on a false number. Users who call may be made to think they need to renew AppleCare and tricked into paying the scammers.
Fake police pop-ups: Some fake pop-ups show messages claiming to be from law enforcement. They may trick users into calling a number to avoid criminal proceedings or give over personal data to help with an ‘investigation’.
Fake email provider pop-ups: Other fake pop-ups may pretend to be from your email provider, luring you to provide passwords or other personal data.
How to protect against pop-up scams
If you spot a fake pop-up, here’s how to avoid being scammed:
- Do not click on the pop-up
- Do not call the number of the pop-up
- Do not give out personal details or payment details
- Close your browser (using ‘Task manager’ if your browser is locked)
- Remove the pop-up adware following the steps in the section above
How to prevent fake pop-ups
So, how can you protect your computer from adware and prevent fake pop-ups from appearing? Follow our adware and fake pop-up prevention tips to stay protected:
- Use anti-virus software or a complete internet security solution. We recommend Kaspersky Total Security
- Keep your anti-virus and internet security software updated
- Keep your browser, software and operating system updated
- Read user reviews and developer descriptions before downloading apps and software
- Read the permissions that apps and software are asking for to check legitimacy
- Check apps and software have a reasonable number of downloads
- Only download apps and software from sites you trust
- Do not click on unverified links in spam emails, messages or unfamiliar websites
- Never open attachments in spam emails
- If using public Wi-Fi, use a secure VPN connection. We recommend Kaspersky VPN Secure Connection
- Do not insert unknown USB sticks or disks into your computer
Want to avoid becoming the victim of a pop-up scam? Prevent adware and fake pop-ups with Kaspersky Internet Security.
Kaspersky Internet Security received two AV-TEST awards for the best performance & protection for an internet security product in 2021. In all tests Kaspersky Internet Security showed outstanding performance and protection against cyberthreats.