Ransomware Attackers Pose As Police

  /     /     /  
Publicated : 22/11/2024   Category : security


Ransomware Attackers Pose As Police


Official-looking pop-ups claim discovery of child pornography, terrorist activity, then lock the victims machine until a ransom is paid.



In a new twist to ransomware attacks, the bad guys are pushing pop-up warnings posing as federal law enforcement messages that claim to have discovered illicit and illegal material on victims computers--and the malware locks down their machines and deletes data unless they pay a fine.
Ransomware is nothing new, but researchers at Microsoft say this latest batch includes different versions for each country it targets--English, Spanish, German, and Dutch--and poses as the German Federal Police, GEMA (Germanys performance rights organization), the Swiss Federal Department of Justice and Police, the U.K. Metropolitan Police, the Spanish Police, and the Dutch Police.
Even more chilling is the message with an official-looking police banner used to intimidate the victims, which says authorities have found evidence of child pornography and emailing with terrorists: Attention! Illegal activity was detected. The operating system was locked for infringement against the laws of Switzerland. Your IP address is . From this IP address, sites containing pornography, child pornography, bestiality, and violence against children were browsed. Your computer also has video files with pornographic content, elements of violence, and child pornography. Emails with terrorist background were also spammed. This serves to lock the computer to stop your illegal activities.
The scam is spreading via malicious email messages purportedly from federal law enforcement as well as via compromised Web pages. The Trojan then locks down the victims machine and either encrypts or deletes data stored on the hard drive. It then goes on to ask for a payment of 150 CHF within 24 hours over Paysafecard, or the computers hard disk contents will supposedly be erased. To seem more legit, Trojan:Win32/Ransom.FS queries a legitimate public IP address geolocation service at tools.ip2location.com/ib2 to determine the country and the ISP from which the infected computer is connecting to the Internet, according to Microsoft.
Read the rest of this article on
Dark Reading
.
ITs spending as much as ever on disaster recovery, despite advances in virtualization and cloud techniques. Its time to break free. Download our
Disaster Recovery Disaster
supplement now. (Free registration required.)

Last News

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Ransomware Attackers Pose As Police