Ransomware pretending to be law enforcement

Ransomware usually locks the user’s computer and demands money for it to be released. The current campaign locks the computer and displays a message purporting to come from a national law enforcement agency. It suggests that the user’s computer has been found visiting various illegal and unsavory websites, accuses the user of distributing terrorist material, and suggests that illegal material is stored on the computer.

To release the computer the victim will have to pay a fine of £100 or €100. An additional direct threat is that if the user fails to pay the ransom/fine, the ‘program will remove illegal materials while keeping your personal information is not guaranteed.’ Since users have become accustomed to the idea that law enforcement agencies are increasingly proactive in policing the internet, the fear element makes this threat just feasible. Even if the user is confident that he or she has done no wrong, the possibility that the program might ‘accidentally’ destroy the legitimate content of the computer is used as an additional lever.

One of the new developments in this campaign is the degree of localization. It is largely a European campaign delivering the threat in the correct language: English, Spanish, German, Dutch and others, and supposedly emanating from the local law enforcement (Metropolitan Police in English, Bundespolizei in German, Politie in Dutch). PandaLabs has discovered a new variant in Spanish.

The campaign uses drive-by downloading instigated by a combination of the Cutwail botnet and the Blackhole exploit kit to spread the malware. The botnet delivers spam that includes a link to a compromised web page. The webpage redirects the user to a malicious website housing Blackhole. The exploit kit then looks for one of a variety of vulnerabilities on the user’s computer and, if successful, infects the computer with the ransomware trojan.

Luis Corrons, the technical director of PandaLabs, suggests that if infected, users should “restart the computer in safe mode and run a scan with an antivirus solution that is able to detect it.”

Ransomware pretending to be law enforcement

You may also like

Internet piracy could be fought with legalized ransomware

Trusteer finds new ransomware variant

Ransomware threat on the increase

New variant of the police scareware virus emerges

Should we Make Ransomware Payments Illegal?

What’s hot on Infosecurity Magazine?

Linux Cerber Ransomware Variant Exploits Atlassian Servers

US Government and OpenSSF Partner on New SBOM Management Tool

Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites

UK Police Lead Disruption of £1m Phishing-as-a-Service Site LabHost

EU Elections: Pro-Russian Propaganda Exploits Meta's Failure to Moderate Political Ads

Cybersecurity Pros Urge US Congress to Help NIST Restore NVD Operation

Banning Ransomware Payments Will Do More Harm Than Good

Cybersecurity Pros Urge US Congress to Help NIST Restore NVD Operation

Palo Alto Networks Warns About Critical Zero-Day in PAN-OS

Russian Sandworm Group Using Novel Backdoor to Target Ukraine and Allies

Russia and Ukraine Top Inaugural World Cybercrime Index

FBI Warns of Massive Toll Services Smishing Scam

Is MFA Enough? Strategies for Next-Level Identity Security in 2024

Beyond Passwords: Securing the Digital Age with MFA, 2FA, and Passwordless Authentication

Adapting to Tomorrow's Threat Landscape: AI's Role in Cybersecurity and Security Operations in 2024

Cracking the Culture Code: Building a Cybersecurity-Aware Workforce

Navigating the Evolving Cybersecurity Compliance Landscape in 2024

Untangling the Web: Navigating Third-Party Risk in a Hyperconnected World

Infosecurity Magazine Spring Online Summit 2024: Day One

Infosecurity Magazine Spring Online Summit 2024: Day Two

Russia’s Midnight Blizzard Accesses Microsoft Source Code

I-Soon GitHub Leak: What Cyber Experts Learned About Chinese Cyber Espionage

LockBit Takedown: What You Need to Know about Operation Cronos

Women in Cybersecurity at Infosecurity Europe 2024