tumblr hit counter

The Rise of the Ransomware

Jan 19

In the last months we have seen an increase of ransomware attacks. While the first ones we saw were posing as Microsoft to threaten the user because it had been detected a pirated version of Windows, and in case you didn’t pay the fine they would contact the local law enforcement agencies, the new ones are posing as the very same law enforcement agencies.

While we are use to see this kind of fake messages in English, in this case the attacks are localized, we have seen English, German, Spanish or Dutch language (among others), depending on the targeted country. All of the attacks are targeting some European country, so it looks like that all of them are related and the same cibercriminal gang could be behind them.

The last one has appeared a couple of days ago, this time it is targeting Spain. The file is using as icon the following Internet meme:

Once infected, this is what you will see in your desktop:

In the message it says that it has been detected access to illegal material (such as child pornography and spam about terrorism) from that computer, and that the computer will be locked to prevent such a use. To solve that you have to pay a fine of €100:

The worst thing for the user is that it actually blocks the computer, so it is not easy to remove. To do it, restart the computer in safe mode and run a scan with an antivirus solution that is able to detect it.

These are different examples we have seen in the last months:

English

Italian

Dutch

German

Spanish

Post to Twitter

  • (10) Comments

Comments

  1. LC says:

    We have this in canada now posing as “Canada Security Intelligence Service”

Trackbacks

  1. [...] samo jak zdolność użytkowników do ulegania niezbyt wyrafinowanym podstępom. Jak opisuje blog Pandalabs, w sieci pojawił się wirus, wyświetlający użytkownikowi stronę stylizowana na policyjny [...]

  2. [...] PandaLabs said the latest wave of ransomware attacks are localized, with some in English and others in German, Spanish or Dutch. “In the last months we have seen an increase of ransomware attacks. While the first ones we saw were posing as Microsoft to threaten the user because it had been detected a pirated version of Windows, and in case you didn’t pay the fine they would contact the local law enforcement agencies, the new ones are posing as the very same law enforcement agencies,” it said in a blog post. [...]

  3. [...] PandaLabs said the latest wave of ransomware attacks are localized, with some in English and others in German, Spanish or Dutch. “In the last months we have seen an increase of ransomware attacks. While the first ones we saw were posing as Microsoft to threaten the user because it had been detected a pirated version of Windows, and in case you didn’t pay the fine they would contact the local law enforcement agencies, the new ones are posing as the very same law enforcement agencies,” it said in a blog post. [...]

  4. [...] on this blog we have posted several reports on the Police Virus and its evolution over time. This evolution is absolutely normal and it [...]

  5. [...] on this blog we have posted several reports on a Police Virus and a evolution over time. This expansion is positively normal and it doesn’t [...]

  6. [...] de-a lungul timpului si am descoperit diferente frapante intre ele.” La adresa blogului Panda  (http://pandalabs.pandasecurity.com/the-rise-of-the-ransomware ),  Louis Corrons a postat cateva rapoarte despre acest virus “Politie” si despre evolutia [...]

  7. [...] de-a lungul timpului si am descoperit diferente frapante intre ele.” La adresa blogului Panda  (http://pandalabs.pandasecurity.com/the-rise-of-the-ransomware ),  Louis Corrons a postat cateva rapoarte despre acest virus “Politie” si despre evolutia [...]

  8. [...] Directorul Tehnic al Panda Security Spania, Louis Corrons presupune că există mai multe grupări infracţionale în spatele atacului. “Am ajuns la această concluzie după ce am studiat multiple variante ale acestui malware de-a lungul timpului şi am descoperit diferenţe frapante între ele.” (http://pandalabs.pandasecurity.com/the-rise-of-the-ransomware ). [...]

Leave a Reply

You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

  • Become a fan!


    Panda Security on Facebook
  • Blogroll

  • Categories