07 May 2012

Targeted Ransomware Affects UK, Germany, France

Newly discovered ransomware targets users in the U.K., Switzerland, Germany, Austria, France and the Netherlands, locking their computers over the alleged detection of “Child Porn and Terrorism” content. The malware is spread through a drive-by “Blackhole” exploit, and victims with unpatched third-party plug-ins (Adobe Flash Player, Adobe Reader or Java) are prone to these attacks.

"To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of £50 (US$80)," the ransomware reads.

If the location-based malware detects U.K. users, the appropriate content is delivered, along with an Aldi Bot malware component that can be used to perform denial-of-service attacks or even steal online bank account credentials.

“If the installed Java version on the victim's computer is not up to date (unpatched), the downloaded jar file (Edu.jar) will exploit a well-known vulnerability in Java which will trigger the download of the payload (Trojan) and finally execute it to infect the computer,” says Roman Hussy.

The ransomware asks for Paysafecard credentials as payment, and victims are even given information on where these cards can be purchased. Available throughout Europe and the U.S., these prepaid cards allow fraudsters to scam a huge number of users.