The Mudcat Café TM
Thread #152731   Message #3573141
Posted By: JohnInKansas
05-Nov-13 - 05:21 PM
Thread Name: Tech: Cryptolocker virus. ransomeware
Subject: RE: Tech: Cryptolocker virus. ransomeware
Cryptolocker is a specific malware form used mainly to connect individual computers into botnets. Since the intent is that you will NOT KNOW that your computer has been "seized for malicious use" it should give you no indications that it's present. This particular version is well enough known that the AV industry has a project currently working specifically to take down the servers that Cryptolocker goes to for its instructions for what to do. Some success has been reported.

Fake messages are used to get malware onto individual computers, but the method is not necessarily related to what particular malware the message carries. In many cases the malware is not contained in the first fake message, but the message tries to get you to "click here" and when you click, the link tells your computer that you've given permission for your computer to do something. This overrides some AV systems that would otherwise have blocked the malware, since "you're da boss." This method is commonly called a "SOCIAL ENGINEERED ATTACK" since it disguises itself as coming from someone you might recognize, and might be likely to "click" to reply. Business networks get a lot of these, with messages pretending to be from "your boss" or "your IT department." Local reports in my area have indicated a recent high incidence of messages "from the IRS." Anybody who wants to work at it a little can do it.

The fake message method may also be used to demand that you provide information that you shouldn't give to anyone, and if you reply it doesn't really need to put any malware on your computer since you've already given it what it wants. This doesn't mean it won't infect you since any reply you make can be faked into looking like a permission to download something, and they "might find something else later" if they get real malware on your computer.

Ransomware is a third and distinct kind of scam. Usually the first thing you see is a popup that tells you that your computer is "infected," and tells you you should "click here" to find out what to do about it. In many cases the first message is completely phony, as NO EXTERNAL WEB PAGE OR EMAIL should be able to look at sufficient content on your computer to tell whether there's anything malicious on it, if you have fairly ordinary AV and Firewalls set up.

IF YOU CLICK, the site you click to may be rigged to make your computer assume that you've given permission, and malware may be downloaded to it. In the worst case, the download may seriously compromise the operation of your computer, and you'll be offered a removal if you send money. In many cases, sending money will only get a notice that "something better is needed," but once again when you send more money nothing useful will be done. When/if you conclude that sending more money won't help, you're left with a crippled computer.

By now, anyone who has connected to the internet at least twice should know about each of these scams (and several other common ones), and should know the rule:

               JUST DON'T CLICK

on anything that doesn't come from a source you KNOW and TRUST, and from whom you EXPECT to be receiving advice.

There are a few "semi-legitimate" programs that claim to be able to "clean your machine" and may produce similar popups. Nearly all of these are useless, but any IDIOT who would use an advertising method that emulates malware is not to be trusted by anyone who isn't a similarly afflicted idiot. (personal opinion, from one differently afflicted?)

John