Trend Micro researchers have analyzed attacks aimed at users in Turkey and Hungary

Feb 22, 2014 15:41 GMT  ·  By
Ransomware designed to target users in Turkey (top) and Hungary (bottom) - click to see full
   Ransomware designed to target users in Turkey (top) and Hungary (bottom) - click to see full

Security researchers from Trend Micro say they’ve identified a couple of ransomware attacks which suggest that cybercriminals are adapting their tactics to target local markets. A couple of attacks have been spotted – one aimed at users in Turkey and one at Hungarian internauts. 

The Turkish variant doesn’t have a fancy interface. Instead, users are notified via a pop-up and the desktop wallpaper that they must pay a certain amount of money within three days to recover their files.

Victims are told that their most important files have been encrypted using a technique that makes them impossible to recover without the proper key. The attacker in this case uses an email address that belongs to a provider in Ukraine. The malware is detected by Trend Micro as TROJ_RANSOM.ZD.

The second piece of ransomware, TROJ_RANSOM.HUN, targets users in Hungary. Victims are told to pay 20,000 Forints ($88 / €64) to recover their files. Payment can be made via SMS or paysafecard codes.

“While the attacks may have very similar behavior, our analysis indicates that the malware files themselves are not related. This indicates that multiple cybercrime gangs have ‘gone local’ and are adapting ransomware tactics to their local ‘markets’; they may have been inspired by the success of CryptoLocker in recent months,” experts noted.