Malicious link ranks high, appears on the first result page

Jul 3, 2014 12:51 GMT

Cybercriminals did their best to make sure that the result for a specific search on Bing was displayed on the first page so that they could run a ransom scam on the victim.

Searching for more information about Katie Matysik on Microsoft’s search engine brings up a malicious result on the first page. Once the link is accessed, the user is redirected to a malicious address that executes JavaScript code to lock the browser.

Actions like opening a new tab, accessing one that is already open, or closing any of them are blocked. Even the web browser itself cannot be closed.

Cybercriminals also provide a reason for taking this action, and they have resorted to police-themed ransomware messages that accuse the user of viewing, storing and distributing adult content.

Furthermore, the fake announcement lists a set of charges, from copyright infringement to “unauthorized access to sensitive information on the Internet” and spam distribution.

The situation may seem quite dire, but luckily, the victim is offered the possibility to get away with everything by paying a fine.

Although to many this may seem like a joke, there have been cases in which victims have committed suicide because of such messages.

The ransom notice may be localized, as we’ve seen it being served in multiple versions. In our case, the domain was “http://system-check-gcmknmgk.in/js”, but Dr. Johannes Ullrich of the SANS Institute says the message was loaded on “http://system-check-yueedfms.in/js”.
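A log check built on the two hostnames quoted above, as an added example that is not part of the original article. It assumes the scam hosts follow the pattern `system-check-` plus eight lowercase letters under `.in`, which is a generalisation from only these two samples; the proxy log format and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: generalises the two hostnames quoted in the article
# ("system-check-" + 8 lowercase letters + ".in"); other variants may exist.
LOCKER_HOST = re.compile(r"system-check-[a-z]{8}\.in")

# Constructed proxy log lines: timestamp, client IP, URL, referrer
SAMPLE_LOG = """\
2014-07-03T12:40:11Z 10.0.0.15 http://www.bing.com/search?q=example -
2014-07-03T12:40:19Z 10.0.0.15 http://system-check-gcmknmgk.in/js http://redirector.example/landing
2014-07-03T12:41:02Z 10.0.0.22 http://SYSTEM-CHECK-yueedfms.in/js -
2014-07-03T12:41:30Z 10.0.0.22 http://system-check.example.in/js -
2014-07-03T12:42:05Z 10.0.0.31 http://notsystem-check-abcdefgh.in.example.com/js -
malformed line
"""

def find_locker_hits(log_text):
    """Return (timestamp, client, host, path) for requests to matching hosts."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records instead of failing the whole scan
        ts, client, url, _referrer = fields
        parts = urlsplit(url)
        # urlsplit lowercases the hostname; strip a trailing root dot as well
        host = (parts.hostname or "").rstrip(".")
        # fullmatch: look-alike subdomains and prefixes must not match
        if LOCKER_HOST.fullmatch(host):
            hits.append((ts, client, host, parts.path))
    return hits

def affected_clients(hits):
    """Clients that requested a matching host, for follow-up with the user."""
    return sorted({client for _, client, _, _ in hits})

if __name__ == "__main__":
    hits = find_locker_hits(SAMPLE_LOG)
    for hit in hits:
        print(*hit)
    print("clients:", affected_clients(hits))
```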

The ransom fee also seems to differ and multiple payment systems are used, such as MoneyPak, PaySafeCard and Ukash, which offer prepaid vouchers.

It looks like the crooks ask for the same amount (300), regardless of the currency used by the victim. Moreover, they provide instructions for purchasing the vouchers.

The general recommendation as far as ransomware is concerned is not to pay. Since computer activity is not restricted in this case, terminating the browser process from Task Manager does the trick; just be careful not to restore the last session, the one with the malicious link.

Users can protect themselves against this sort of threat by simply restricting JavaScript on webpages with add-ons like NoScript. Antivirus software also blocks malicious pages from loading.

As for why the specific search involved in this case was about Katie Matysik, we do not know why she would be of particular interest, but scammers can lure victims into clicking on the bad link through spam. We did find some information about Katie Matusik (who is an Arizona gymnast) that also returns the malicious link on Bing.