Researchers have found that at least 2,500 victims paid to hackers so that they would free them from the worm that had sized users’ PCs. A fast-spreading virus identified by Trend Micro as Worm_Rixobot.A has been spreading in recent weeks using infected porn websites, instant messaging applications and even infected USB drives.

Having taken over a user’s machine the worm terminates a range of Windows and security programs and block access to websites while a splash screen demands that users pay the Russian rouble equivalent of $12 by texting a premium-rate SMS number in order to receive an unlock key.

Such a relatively small amount explains why many people agree to pay to get rid of this trouble which is an obvious success for cyber crimes. According to Trend, which hacked the crime servers associated with the worm, the latest campaign has made 901,000 RUR (about $29,500) in only five weeks, equivalent to nearly 2,500 people having paid the ransom.

However, actual numbers of victims could be even higher, as the security vendor found that the initial file that starts the infection was downloaded 137,000 times during December alone, mostly by users in Russia. Over 3,000 downloads were reported for UK users.