We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
Ransomware gang impersonate UK police to spread Trojan

Ransomware gang impersonate UK police to spread Trojan

Demands payment for accessing extremist websites and porn

Article comments

The recent spate of ransom malware has taken a strange turn with the news that criminals are impersonating the UK’s Metropolitan Police Service in an attempt to persuade victims to pay a fine for being caught accessing extremist or porn websites.

After apparently being alerted by members of the public and an unamed security company, the Met’s Police Central eCrime Unit (PCeU) has put out a warning about the scam in which unnamed malware locks up infected PCs before demanding a “substantial fee” be sent to the police organisation.

“The message advises the user that they have been caught accessing extreme pornography or terrorism related websites,” said a note put out by the PCeU. “It states that to unlock their computers they are required to forward a substantial fee to the MPS, by way of an online payment service.”

The PCeU was not able to confirm which malware was involved nor to elaborate on the infection mechanism beyond stating that infection could happen after visiting “certain websites,”a vagueness that compromises the usefulness of the warning to some extent.

Given the adoption of the MPS as the method of threat, however, the attack will be aimed at UK users who have no connection to either porn or extremism.

The attack is similar to Ransom.an, a Trojan reported only days ago which demands in German language text that claims to be from Microsoft that victims pay $126 for a Windows license within 48 hours or be locked out of their PCs.

This type of ransom social engineering attack has flared up every now and again at relatively low levels ever since first being tried in 2006, with one of the most persistent culprits being Gpcode. Usually the locking mechanism is either non-existent or can be reversed easily by security researchers; occasionally the attack has used encryption but that approach has fallen out of favour because it adds complexity.

Ransom attacks are nowadays mostly extreme variations on fake antivirus scam theme, where attackers seek to gain payment for non-existent PC infections. It is probably the success of this type of attack as much as anything else that has kept ransom malware on the fringes.

Share:

Comments

Advertisement
Advertisement
Send to a friend

Email this article to a friend or colleague:


PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.


ComputerworldUK Knowledge Vault

ComputerworldUK
Share
x
Open
* *