The malware actually shows the illegal content allegedly accessed by the victim
A piece of ransomware is locking up the computers of German users on behalf of the country’s Federal Criminal Police (BKA) and the Society for Prosecution of Copyright Infringement (GVU). Victims are accused of committing 8 different crimes, including copyright violations, terrorism and distribution of illegal content.Victims are asked to pay a fine via Ukash or PaySafe in order to have their computers unlocked.
The difference between this Trojan and others seen so far is that this variant actually contains illegal pictures featuring children.
“Now, together with other eight possible misdeeds, the user is accused of hosting and distributing child [adult content] materials from his computer. The computer is identified via IP address and geo-ip location,” Avira experts explained.
They say that the malware is distributed via drive by downloads as an executable file. Once it infects a computer, it alters registry entries to ensure that the device can’t be started normally, and not even in Safe Mode.
German authorities advise users never to pay the ransom, no matter how legitimate the warning looks.