LEA intervention on the internet may encourage ransomware

rnbxclusive is a music download site that has been taken over by the UK’s Serious Organized Crime Agency (SOCA). The site now displays a warning that the ‘individuals behind this site have been arrested for fraud,’ and warns visitors that if they have used the site for downloads they ‘may have committed a criminal offence which carries a maximum penalty of up to 10 years imprisonment and and an unlimited fine.’

Although this takedown would appear to be under the aegis of the common law offense of conspiracy to defraud rather than any of the increasing rights of the music industry, it is nevertheless an example of something that might become more common if the Anti-Counterfeiting Trade Agreement (ACTA) or any of the various national proposals such as SOPA and PIPA become law. Internet users can expect to see rightsholders exerting their rights through the LEAs.

Meanwhile, CA researcher Rossano Ferraris has described a similar-looking warning that is appearing on some italian users’ PCs. This notice, this time not genuine, appears to be from the Italian police and is ransomware. It warns the user that the IP address of the machine has been confiscated because it is illegally hosting child pornography and disseminating terrorist-related spam. “The fake message goes on to state that in order to unblock the computer the user must pay a fine of 100 Euros within 24 hours,” notes Ferraris.

The malware blocks the computer by “disabling the Task Manager and compromising the registry of the Windows operating system.” A new registry entry forces the malware to run on system start-up.

A danger for computer users is that as we become more accustomed to LEA interventions, we will be less surprised to see notices from the police and more likely to believe them. Users are continually told that, statistically, they are already likely to be infected by some malware or other. This will, in turn, encourage malware producers to develop more and more of this type of ransomware.

What’s Hot on Infosecurity Magazine?