ISSSource White Papers

Posts Tagged ‘PC blocked’

Monday, August 13, 2012 @ 06:08 PM gHale

Reventon ransomware, a virus that locks down a victim’s computer is growing if you believe the flood of complaints hitting the FBI’s Internet Crime Complaint Center (IC3).

“Your PC is blocked due to at least one of the reasons specified bellow,” reads the message that appears on screens, apparently coming from the FBI.

Police Virus Malware Growing
One Attack Starts at Web Site
Beware of Internet Scammers
Malware Continues Growth Cycle

“You have been violating Copyright and Related Rights Law (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article I, Section 8, Clause 8, also known as the Copyright of the Criminal Code of United States of America.”

Here’s how one of the victims described an incident:

“The window was labeled FBI and said I was in violation of one of the following: illegal use of downloaded media, under-age [expletive] viewing, or computer-use negligence.

“It listed fines and penalties for each and directed me to pay $200 via a MoneyPak order. Instructions were given on how to load the card and make the payment. The page said if the demands were not met, criminal charges would be filed and my computer would remain locked on that screen.”

Some variants take over the webcam, take a picture of the computer’s owner, and display it on the locked screen.

The organization issued a warning regarding Reveton in May 2012, but the number of infections has increased considerably since.

“Some people have actually paid the so-called fine. We are getting dozens of complaints every day,” said Donna Gregory of the IC3.

It’s highly recommended that users don’t give in to the demands made by the crooks. The best thing to do is to call a professional to remove the malware, and file a complaint on the IC3’s website.

Experts said the worst thing one can do is actually pay the fine demanded by the malicious element. They also warn ransomware like this can still operate in the background even if the user manages to unlock the device.

Tuesday, April 17, 2012 @ 05:04 PM gHale

Ransomware is out there targeting the master boot record to take control of a system, said researchers at Trend Micro.

The move is a step beyond typical pieces of ransomware, which usually encrypt files or restricts user access to the infected system. In this case, the malware copies the original MBR and overwrites it with its own malicious code.

Malware Alert: A Scareware, Ransomware Blend
Apple Picks Off Flashback Malware
Tool to Counter Cyber Threats
Botnet Rises for Third Time

“Right after performing this routine, it automatically restarts the system for the infection to take effect,” said Cris Pantanilla, a threat response engineer at Trend Micro.

When the system restarts, the users get a message telling them their PC will remain blocked until they pay a certain amount of money. Once payment occurs, the attacker promises to hand over a code to unlock the system, Pantanilla added.

Trend Micro said they have only seen one case of this particular piece of malware so far. The company did not have additional information about how the machine became infected. However in the last 30 days, the company has observed nearly 9,000 ransomware threats, the company said.

In February, French users ended up targeted in an attack when a legitimate website suffered a compromise and made to serve up phony notifications from the country’s National Gendarmerie police force that infected users. In January, Japanese users were the target of ransomware as part of a one-click billing fraud scheme focused on Android phones.

As of March 8, the United States was home to the largest percentage of the ransomware infections, and five of the top eight countries for infections were in Europe, Trend Micro said.

“Unfortunately, we may not be seeing the end of ransomware attacks just yet,” Pantanilla said.

Archived Entries