Ransomware Operations Adapted to the Targeted Country

Ransomware, a piece of malware that makes a computer useless until the victim pays a certain amount of money allegedly needed to make it useable again, has been seen targeting the citizens of many countries, and to make everything seem more realistic, crooks involve the name of the local law enforcement authorities.

Researchers from the Microsoft Malware Protection Center (MMPC) came across several samples that were designed to target English, Spanish, German and Dutch speakers.

The names of the German Federal Police, GEMA (Germany's performance rights organization), the Swiss Federal Department of Justice and Police, the UK Metropolitan Police, the Spanish Police and the Dutch Police are all institutions whose names and reputations are utilized by the crooks to make their campaigns seem more legitimate.

Once executed, the ransomware locks up a device and displays a message that claims the user is possessing illegal content, demanding the payment of a fine in order for the machine to be unlocked.

Besides the message, official pictures and banners belonging to the law enforcement agencies are also presented.

The figures show that between July and November, the Trojan called Win32/Ransom.DU was found on more than 25,000 computers in Germany alone, which represents 91% of the total infections.

In many of the cases, the Blackhole exploit kit is responsible for distributing ransomware.

By clicking on links from spam messages, or by visiting compromised domains that host the exploit kit, a user can easily end up with a malicious file that may give him the chills.

On some of the occasions, the spam campaigns that spread these malevolent elements were generated by the Cutwail botnet.

Users who encounter such scenarios are advised to seek help or to try to disinfect their computers, but never pay the sum of money requested by the cybercriminals who launch these operations. In most cases, the unlock code required is never provided, so even after the fine is paid, the computer will still remain unusable.