The malware checks the websites visited by the victim to make everything look real

Aug 26, 2013 13:07 GMT  ·  By

Ransomware, the malicious elements that lock your computer’s screen and demand that you pay up if you want it unlocked, has leveraged the name and reputation of various organizations, including the FBI, Interpol, Europol, CIA, and various national law enforcement agencies.

Now, experts have come across a variant that leverages the controversial NSA PRISM surveillance program to scare users into handing over their money.

Security researcher Kafeine of Malware Don’t Need Coffee has analyzed the ransomware sample. The expert believes it was launched by the same cybercriminals who are behind the Kovter ransomware.

Similar to Kovter, the PRISM-themed malware also checks the victim’s history against a list of websites. If one of these websites is found, its address will be displayed in the lock screen to make everything more legitimate-looking.

Considering that a large number of people from all over the world have become aware of PRISM and the fact that the US government is monitoring the Web, it’s likely that many will fall victim to this trick.

If you come across this ransomware, don’t pay the so-called fine. Instead, try to use an anti-malware solution to remove the infection.