Malware Scammers Using Scare Tactics to Promote Ransomware Messages in Attempt to Receive Payment
Earlier last month (December 2012), several articles were posted online warning Internet users about a scam used by cybercriminals known as ‘ransomware’. The ransomware is also referred to as ‘Reveton’, AKA ‘Trojan Ransomlock G’. The malware gives extortionists the ability to lock your computer and demand ransom money before unlocking it.
In a statement, Symantec said that this ransomware ‘rumor’ is false and is merely a predatory tactic that scammers are using to intensify people’s worries.
Last Monday, a security firm said that the cybercriminals’ original claim was that if you receive the ransom malware, your computer’s hard drives would be wiped clean. Needless to say, this raised additional concerns among users, resulting in further public fear and panic.
Jeet Morparia, a Symantec researcher, wrote in a Dec. 24 blog post, “This is an attempt to extort money from computer users by taking advantage of human weakness when under panic and pressure.”
Once the malware has been downloaded and infects your personal computer, it disables the machine and/or encrypts the files. Once the files are encrypted, the ransom note is displayed, and it has the capability (when available) to verbally demand that the ransom be paid immediately. The note indicates that once the user pays the ransom, the computer will be restored to its original state.
Symantec has referred to this modus operandi as “an extortion racket” that has been in use for the past six (6) years. Until recently, these tactics were mostly practiced in Eastern Europe, with very minimal success and many failed attempts. These scare methods are now being seen elsewhere, including the U.S. and Asia.
The ransomware also warns that any attempt to evade the computer’s lockdown mode will permanently damage the computer, resulting in a major catastrophe.
The on-screen message goes on to state that the user is being cited for violating a law and that, “An attempt to unlock the computer by yourself will lead to the full formatting of the operating system. All the files, videos, photos, documents on your computer will be deleted.”
According to Morparia, this statement is not true; he also said that the Symantec analyst did not find any evidence of disks or hard drives being wiped as part of the malware code.
Morparia advised victims not to pay the cybercriminals. He wrote, “DO NOT PAY THE RANSOM,” using uppercase letters to indicate shouting. He advised that in lieu of paying the ransom, victims should simply remove the malware. Fortunately, trusted security application vendors supply solutions to find and remove ransomware threats and any other phony antivirus software.
On a good note, Symantec has given credit and high praise to a blogger who goes by the nickname “Kafeine” for his commentary on the ransomware’s unsupported wiping claims. Kafeine, in turn, gave credit to a security company called Trend Micro, which found the variant in December 2012.
Morparia said that the newer ransomware version also includes additional features, such as a large ransom hike, from $200 to $300, for your computer to be “unlocked”, and a phony time limit of forty-eight (48) hours displayed on the computer screen.
The message reads as if it were generated by the FBI or another law enforcement agency. For example, the message accuses the user of violating software licensing laws or copyright laws, or of viewing child pornography, and says that the user has been monitored via webcam.
Although the Ransomlock message is a sham that only claims to come from a law enforcement agency, the malware adapts to where the victim is located: it can translate the message into the country’s language and refer to the local agency by its appropriate name. For example, United States users will see the message attributed to the Department of Justice’s FBI, and German users will see it attributed to Germany’s federal police, Bundesamt für Polizei.
Symantec said in another statement last November that, due to the increase in panic and the worldwide expansion of the ransom malware, criminals have reaped millions from these scams.
If you are the victim of one of these scams, please remove the malware from your computer or contact your antivirus vendor.