F-Secure researchers have been monitoring the threat

Aug 15, 2013 16:51 GMT  ·  By

Security researchers from F-Secure have been monitoring the evolution of a relatively new piece of ransomware dubbed Browlock. 

According to experts, threats of the Trojan:HTML/Browlock family don’t lock up the entire computer, as most pieces of ransomware do. Instead, they use the browser to display the lock screen which instructs victims to pay a “fine.”

Various techniques are employed to make sure victims can’t easily close the browser tab in which the lock screen is displayed.

The malware, which leverages the name and reputation of various law enforcement agencies depending on the target’s location, has hit users from several countries.

Initially, the ransomware targeted only users from the US, the UK and Canada, but now it has been spotted in Australia, the Netherlands, Spain and Germany. In each case, the name of the respective country’s national law enforcement agency is utilized.

F-Secure says the ransomware has been spotted on several domains, but all the lock screens are hosted on a single server in Saint Petersburg, Russia.

Check out the gallery to see what the lock screens look like.

Browlock ransomware lock screens (6 Images)

Browlock ransomware lock screen
Browlock ransomware lock screenBrowlock ransomware lock screen
+3more