"PRS for Music: Your computer has been locked" is a scam (ransomware) application that aims to collect money from unwary PC users all over the world. It should first be noted that several weeks ago the Performing Right Society (abbreviated as PRS) published an explanatory notice clearly stating that the scam is not associated with PRS for Music and that they are researching this case thoroughly. Why is this organization so concerned about this malicious application? Because the online fraudsters use its trademark and logo, together with those of the Metropolitan Police, to make this scareware look like a real warning on your screen, supposedly issued by the law enforcement bodies of the UK.
This badware is an especially severe sample and, regretfully, is very persistent at present. What does this scam do in particular? As soon as it is successfully implanted on your machine, it takes total control over your Desktop with a quite professionally designed and written full-screen notice claiming to come from PRS for Music and the Metropolitan Police.
The scary notification asserts that illegally downloaded music files have been detected on your PC and that your system has been locked for this reason. Here is the complete quotation of what it accuses you of:
PRS for music
Your computer has been locked.
Illegally downloaded music pieces (pirated) have been located on your computer.
By downloading, those music pieces were reproduced, thereby involving a criminal offense under Section 106 of the Copyright Act.
The downloading of copyrighted songs via the Internet or music-sharing networks is illegal and is in accordance with Section 106 of the Copyright Act subject to a fine or imprisonment for a penalty of up to 3 years.
Furthermore, possession of illegally downloaded music pieces is punishable under Section 184 paragraph 3 of the Criminal Code and may also lead to the confiscation of the computer, with which the files were downloaded.
You can be clearly identified by resolving your IP address and the associated hostname.
The pirated material has been encrypted and was moved to a protected folder to prevent further damage.
To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of £50. Payable through our payment partner Paysafecard. After successful payment, your computer will automatically unlock.
Failure to adhere to this request could involve criminal charges and possible imprisonment.
To perform the payment, enter the acquired Paysafecard code in the designated payment box and press the “Submit” button.
The PRS for MUSIC is legitimized by law – and is in close contact with the legislators and the Metropolitan Police.
We haven’t yet researched copyright law in the United Kingdom of Great Britain and Northern Ireland, but even if such legislation exists, surely you haven’t violated it. So don’t be scared, and don’t let this malware persuade you to follow its deceptive instructions. To further scare users into believing that the PRS for Music warning is a real notice from real police bodies, the scammers use Geo IP features to identify your IP address and host name. The malware literally calls the command and control server before showing the actual notification. It should be emphasized that the attackers target PC users in other geographic locations too. For example, similar ransomware applications have been seen in the following countries under the following names:
- Gema and GVU – Germany
- Sacem – France
- Buma Stemra – The Netherlands
- Suisa – Switzerland
- AKM – Austria
Indeed, all the above-mentioned organizations in Europe protect the interests of songwriters, composers, and publishers.
Once executed and launched, the PRS for Music scareware/ransomware says that the illegally downloaded music files were encrypted and relocated to a specially protected folder. This statement is not true at all. Even though this ransomware sample can be quite difficult to get rid of, it is not irresistible and, by the way, does have certain critical bugs that are explained in the next paragraphs and can be used to bypass the blockage in a couple of simple steps. In addition, the PRS for Music scareware says that you must pay £50 if you want to escape punishment and imprisonment. Don’t ever pay the crooks who developed this malicious application. Users who do as the malware instructs just waste their money and will not be able to get it back, because payments are processed by means of Paysafecard, PayPoint or some other payment processing company known to accept anonymous payments. Additionally, paying will not unlock your PC.
Users should also be aware that this virus does not have the features to obtain personally identifiable or sensitive data about you. It is not able to delete any of your files either. Don’t panic: your files aren’t lost and aren’t even relocated as stated by the malware. You simply must delete the PRS for Music virus from your workstation. If you are not very experienced with PCs, you can simply take your system to a local repair shop, but restoring your PC to its normal, fully functional mode this way may cost you a fortune, as they say in Britain. Or you can try to delete this scareware using manual removal methods. Please follow the uninstall guidelines described herein.
Instructions to prevent your system from being infected with PRS for Music scam/ransomware
Make sure to update your software, especially Adobe, Java and all your installed web browsers. Make sure you have updated security programs installed on your system, as well as an extra firewall. According to the information we have, the attackers use BlackHole, an exploit pack that has lately been widely used, to spread this ransomware virus. Just visiting infected web pages may cause the above-mentioned problems for your system. Consider watching the video guide below, which depicts how attackers operating the most recent version of BlackHole, 1.2.3, can attack your system without any problems if you have an outdated version of Java. The exploit is known to use a bug (vulnerability) in Java (CVE-2012-0507).
NOTE: The tribute goes to Kafeineify for preparing this excellent YouTube presentation.
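The advice above to update Java can be checked mechanically. The following is an added example, not part of the original article: it classifies `java -version` output against the last update levels affected by CVE-2012-0507, taken from Oracle's February 2012 advisory (an assumption brought in here, not stated on this page). The function names and the sample host inventory are constructed for illustration.

```python
import re

# Last update level per major release still affected by CVE-2012-0507
# (fixed in 7u3, 6u31 and 5.0u34). Assumption: taken from Oracle's
# February 2012 advisory, not from the article.
LAST_VULNERABLE_UPDATE = {5: 33, 6: 30, 7: 2}

# Legacy strings: version "1.6.0_30", "1.7.0_02-b13", "1.7.0"
_LEGACY_RE = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?')
# Modern strings: version "11.0.2", version "9"
_MODERN_RE = re.compile(r'version "(\d+)[."]')


def parse_java_version(text):
    """Return (major, update) parsed from `java -version` output, or None."""
    m = _LEGACY_RE.search(text)
    if m:
        return int(m.group(1)), int(m.group(2) or 0)
    m = _MODERN_RE.search(text)
    if m:
        return int(m.group(1)), 0
    return None


def classify(text):
    """Return 'vulnerable', 'patched', 'unsupported' or 'unknown'."""
    parsed = parse_java_version(text)
    if parsed is None:
        return "unknown"
    major, update = parsed
    if major < 5:
        return "unsupported"  # end-of-life release, not listed in the advisory
    last_bad = LAST_VULNERABLE_UPDATE.get(major)
    if last_bad is not None and update <= last_bad:
        return "vulnerable"
    return "patched"


def hosts_needing_update(inventory):
    """Return hosts whose Java is anything other than 'patched'."""
    return [h for h, out in inventory.items() if classify(out) != "patched"]


# Constructed sample inventory: host name -> first line of `java -version`
SAMPLE = {
    "pc-01": 'java version "1.6.0_30"',
    "pc-02": 'java version "1.6.0_31"',
    "pc-03": 'java version "1.7.0_02-b13"',
    "pc-04": 'openjdk version "11.0.2" 2019-01-15',
}
```
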
Keep in mind that the PRS for Music ransomware persists even in Safe Mode, Safe Mode with Networking and Safe Mode with Command Prompt. However, as soon as you restart your system into Safe Mode with Command Prompt, you have a couple of seconds to open Windows Explorer. If you are lucky enough, you can restore your PC to a previous date when your system was ransomware-free.
PRS for Music uninstall guidelines (System Restore method):
- Restart your system into “Safe Mode with Command Prompt”. While the PC is booting, keep hitting the “F8” key repeatedly, which should lead you to the “Windows Advanced Options Menu” as depicted below. Use your arrow keys to go to “Safe Mode with Command Prompt” and hit the Enter key.
- Make sure you log in to an account with Administrator rights (log in as Admin).
- As soon as the Command Prompt comes up, you have a couple of seconds to type in explorer and press Enter. If you fail to do it within 2-3 seconds, the PRS for Music ransomware will reappear and will not let you type any text at all.
- If you managed to launch Windows Explorer, you can now locate the following file:
- Win XP: C:\windows\system32\restore\rstrui.exe and press Enter
- Win Vista/7: C:\windows\system32\rstrui.exe and press Enter
Optional PRS for Music scareware uninstall solution by means of Print to file option:
An IT researcher named Thice published an awesome uninstall tutorial that can be used to delete the PRS for Music scam without having to restart your system in Safe Mode. Despite the fact that this uninstall guide was initially developed to help users get rid of the Buma Stemra ransomware (a similar one), it should be easy to apply to PRS for Music too. Generally, it’s the same virus attacking PC users in various geographic locations. Direct link to the uninstall guide prepared by Thice:
What to do when the above-mentioned solutions don’t work
Don’t panic. If the remedies described above turned out to be unsuccessful, please refer to this page, which shows how to use Kaspersky Rescue Disk (ransomware recovery software that is totally free):