A campaign of “ransomware” is locking people out of their computers unless they pony up the right amount of money.
Spotted by security blog abuse.ch, the malware taps into an exploit kit known as “Blackhole.” Sold underground, Blackhole is used by criminals to infect computers through security holes in the browser or third-party plug-ins, such as Java and Adobe Reader.
If the version of Java, for example, is not up to date with the latest patches, the downloaded file will exploit the software’s weakness by downloading the Trojan to the PC and then running it. Once the PC is infected, the user will receive a message on the screen saying that the computer has been locked for illegally downloading pirated music.
The message aimed toward those in the U.K. further says that “to unlock your computer and to avoid other legal consequences, your are obligated to pay a release fee of 50 pounds,” around $80. The directions instruct the user to submit payment using an online payment system called Paysafecard. The message itself tries to look official with a logo of the Metropolitan Police at the top.
The malware has so far been targeting users in the U.K., Germany, France, Switzerland, Austria, and the Netherlands. The criminal behind this campaign appears to speak German, according to abuse.ch, since the local URLs used in this scam are all in German.
But the messages are, of course, written in the native language of the intended victims of each country, even going so far as to tell them where and how to obtain Paysafecard locally.
The ransomware carries a further payload in the form of a Trojan called Aldi Bot, which steals banking information, abuse.ch added.
Ransomware has been plaguing people for a number of years.
Cybercriminals often target specific companies by encrypting important data and then demanding money in exchange for decrypting the data. But individual users are equally affected by a form of ransomware called scareware.
In March, abuse.ch uncovered another strain of malware known as “Win32/LockScreen” that locked the user’s computer, accusing the victim of storing “terrorism and child pornography.” Other variations on scareware often infect or disable the computer in some way and then try to trick the user into purchasing phony security software to eliminate the problem.
The advice, as always, is to make sure that your browser and third-party plug-ins remain up to date with the latest security patches.