Ransomware infections have become more popular among cybercriminals, and security researchers have come across another Trojan that fuels such campaigns. The novelty in this scenario is that the control panel that’s being utilized in the scheme has been found.Identified by Symantec as Trojan.Ransomlock.K, the malicious element communicates with a command and control server from which it receives its orders.
The interface that allows the cybercrooks to communicate with their Trojan is called Silent Locker Control Panel and according to the experts, it is somewhat similar to other control panel used for pieces of malware such as ZeuS and SpyEye.
The Russian variant of the Silent Locker Control Panel found by experts offers a number of options. First of all, it tracks the infected computer’s location and date, information that can be used for billing.
Also based on the location, the cybercriminal can choose what picture the ransomware displays when it takes over a computer. For instance, if the victim resides in the UK, a picture of the Metropolitan Police can be used, the default image being the one shown in the screenshot.
If notifications that rely on the reputation of a law enforcement agency don’t work, the fraudsters can always turn to fake Windows Security Checks or other scams that may convince the victim that his/her device is being blocked for performing illegal activities, or even because of some phony system errors.
While in this case experts haven’t found a Trojan builder for Ransomlock.K, they believe that the kit most likely comes with one. Similar to SpyEye and ZeuS, most crimeware kits offer the complete package: Trojan, builder and control panel.
The bottom line is that no matter if you find your computer being held hostage by a law enforcement agency, or by a fake security solutions provider that urges you to purchase cleaning products, never ever pay the amount of money they demand.