FacebookTwitterLinkedIn

PRISM Virus

Also Known As: PRISM Ransomware
Damage level: Severe

What is PRISM?

The NSA Internet Surveillance Program PRISM, Computer Crime Prosecution Section message, "Your computer has been locked due to suspicions of illegal content downloading and distribution", blocks computer screens and demands payment of a $300 fine using MoneyPak in order to unlock the system.

This is a scam. The message is not related to any legitimate authorities from the USA - it is a ransomware virus created by cyber criminals.

The main purpose of this screen-locking message is to scare unsuspecting PC users into paying a bogus fine by making false accusations of law infringements, such as downloading or distributing copyrighted content, watching child pornography, etc.

PRISM ransomware virus

This ransomware virus infects users' computers using 'exploit kits', which are proliferated via infected email messages, drive-by downloads, and malicious websites. Exploit kits rely on outdated software to infiltrate computers, and therefore, keeping your installed programs up-to-date can drastically reduce the risk of ransomware infection.

After successful infiltration, the PRISM virus locks the user's screen and disables all Windows features, which would otherwise allow termination of the fake message. This particular ransomware virus originates from a family called Reveton and targets PC users from the USA.

Previous variants of this virus exploited the name of The ICE Cyber Crime Center to scare PC users into paying the bogus fine. The NSA Internet Surveillance Program PRISM "Your computer has been locked!" message is a scam. Do not trust it, since paying the fine as ordered by the message is equivalent to sending your money to cyber criminals. 

Cyber criminals responsible for creating ransomware viruses from the Reveton family use IP address information to target PC users from different countries. This is achieved with localized variants of their deceptive, screen-locking messages.

To make their rogue messages appear realistic, cyber criminals exploit the names of various authorities and organizations, in this case, the NSA. Other known ransomware viruses use the names of the FBI, ACMA, ICE, etc. in order to deceive PC users into paying the bogus fine to unlock their computers.

PC users should be aware that no authorities or organizations, internationally, use screen-locking message to collect fines for any law violations. If your computer screen is already blocked with a message supposedly sent by the NSA Internet Surveillance Program PRISM, use the removal guide provided to eliminate this scam.

A fake message presented by the PRISM Virus:

NSA Internet Surveillance Program.
PRISM.
Computer Crime Prosecution Section.

Your Computer has been locked!

Your computer has been locked due to suspicions of illegal content downloading and distribution.

Your case can be classified as occasional/unmotivated, according to 17 (U.S Code)
Thus it may be closed without prosecution.
Your computer will be unblocked automatically.

In order to resolve the situation in an above-mentioned way you should pay a fine of $300 (MoneyPak)

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

PRISM virus removal:

Step 1

Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.

Safe Mode with Networking

Video showing how to start Windows 7 in "Safe Mode with Networking":

Windows 8 users: Go to the Windows 8 Start Screen, type Advanced, in the search results select Settings. Click on Advanced Startup options, in the opened "General PC Settings" window select Advanced Startup. Click on the "Restart now" button. Your computer will now restart into "Advanced Startup options menu".

Click on the "Troubleshoot" button, then click on "Advanced options" button. In the advanced option screen click on "Startup settings". Click on the "Restart" button. Your PC will restart into the Startup Settings screen. Press "5" to boot in Safe Mode with Networking.

Windows 8 Safe Mode with networking

Video showing how to start Windows 8 in "Safe Mode with Networking":

Step 2

Log in to the account infected with the PRISM Virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.


If you cannot start your computer in Safe Mode with Networking, try performing a System Restore.

Video showing how to remove ransomware virus using "Safe Mode with Command Prompt" and "System Restore":

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

Boot your computer in Safe Mode with Command Prompt

2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.

system restore using command prompt type cd restore

3. Next, type this line: rstrui.exe and press ENTER.

system restore using command prompt rstrui.exe

4. In the opened window click "Next".

restore system files and settings

5. Select one of the available Restore Points and click "Next" (this will restore your computer system to an earlier time and date, prior to the ransomware virus infiltrating your PC).

select a restore point

6. In the opened window click "Yes".

run system restore

7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of the PRISM ransomware virus.

If you cannot start your computer in Safe Mode with Networking (or with Command Prompt),boot your computer using a rescue disk. Some variants of ransomware disable Safe Mode making its removal complicated. For this step, you require access to another computer.

After removing the PRISM ransomware virus from your PC, restart your computer and scan it with legitimate antispyware software to remove any possible remnants of this security infection.

Other tools known to remove PRISM ransomware virus:

▼ Show Discussion

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

QR Code
PRISM Ransomware QR code
Scan this QR code to have an easy access removal guide of PRISM Ransomware on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

▼ REMOVE IT NOW
Download Combo Cleaner

Platform: Windows

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.