New Ransomware Hits Cyber Street

Thursday, April 26, 2012 @ 01:04 AM gHale


Ransomware infections have become more popular among cyber criminals and there is now a new Trojan out there helping generate more of the malware.

Identified by Symantec as Trojan.Ransomlock.K, the malicious element communicates with a command and control server from which it receives its orders.

RELATED STORIES
Ransomware Thriving, Taking Control
Malware Alert: A Scareware, Ransomware Blend
Apple Picks Off Flashback Malware
Tool to Counter Cyber Threats

The interface that allows the cyber crooks to communicate with their Trojan is the Silent Locker Control Panel and according to the experts, it is somewhat similar to other control panel used for pieces of malware such as ZeuS and SpyEye.

The Russian variant of the Silent Locker Control Panel found by experts offers a number of options. First of all, it tracks the infected computer’s location and date, information used for billing.

Also based on the location, the cyber criminal can choose what picture the ransomware displays when it takes over a computer. For instance, if the victim resides in the UK, a picture of the Metropolitan Police could appear.

If notifications that rely on the reputation of a law enforcement agency don’t work, the fraudsters can always turn to fake Windows Security Checks or other scams that may convince the victim that his/her device faces a block for performing illegal activities, or even because of some phony system errors.

While in this case experts haven’t found a Trojan builder for Ransomlock.K, they believe the kit most likely comes with one. Similar to SpyEye and ZeuS, most crimeware kits offer the complete package: Trojan, builder and control panel.



Leave a Reply

You must be logged in to post a comment.