Threat researchers have warned that infections of porn site-related ransomware known as “Kovter” have more than doubled over the past month to top 15,000.
Security firm Damballa analyzed traffic from nearly 50% of North American ISPs, around a third of North American mobile traffic and a significant volume from business networks across the globe.
Threat researcher Gina Pimentel explained in a blog post that Kovter typically targets users of adult websites, taking control of the computer or mobile device. It then pops up a message claiming the user has broken the law and must pay a fine by a certain time to avoid prison time.
“Many Ransomware families capture and display system and user information to legitimize allegations of a ‘crime’. Kovter takes this to an extreme,” she continued. “The malware scans your browser history searching for adult websites and associated cached content, which it presents on the splash screen while locking your computer as ‘evidence’.”
If no adult site browsing history can be found, the malware creates that evidence by redirecting the victim’s browser to an adult site before logging and retrieving content, claimed Pimentel.
“This horrendous malware family has even been known to retrieve and display child pornography content,” she said.
She recommended users deal with ransomware like Kovter by using “trusted sources and tools” to remediate infections and by reporting any such incidents to the relevant authorities.
For those in the US, she suggested the Internet Crime Complaint Center (IC3) – a joint venture between the National White Collar Crime Center and FBI – as a good first port of call.
Kovter is just one of an increasing range of ransomware types spotted in the wild by researchers.
Earlier this month, Romanian outfit Bitdefender warned Android users of a new attack campaign which seems to take its cue from Reveton/IcePol ransomware and has a similar M.O. to Kovter.