Experts believe that Russian or Ukrainian cybercriminals are responsible

Apr 4, 2012 18:01 GMT  ·  By

Trend Micro researchers have thoroughly analyzed the latest threat that locks the affected machines, displays a warning purporting to come from various law enforcement agencies, and demands payment from the victims.

Experts found that the cybercriminals targeting the computers of Internet users in numerous European countries may be based in Russia or Ukraine. The operation relies on the services of Alliance Bulletproof Hosting and on separate command and control (C&C) servers located in the United States, the United Kingdom, Germany and Ukraine.

It’s believed that there may also be a central C&C server that coordinates the entire operation.

As it turns out, the cybercrooks are not novices. They’re suspected of being involved in several other campaigns that relied on pieces of malware, such as Carberp, ZeuS, fake AV Trojans, and even TDSS rootkits.

It has been determined that the ransomware is spread mainly through websites that offer adult content. These sites push the malware onto the computers of their visitors, and the lock screen then accuses the victim of having accessed objectionable content.

Adult websites are not the only ones that serve ransomware to unsuspecting users, but they are responsible for most of the infections.

The fraudsters rely on the fact that users who visited the adult sites will recognize the accusation as true, which increases the chances that they will pay the alleged fine without asking too many questions.

“In sum, we are looking at a Russian-speaking cybercriminal gang with a dynamic network infrastructure that probably uses an affiliate network to help spread the ransomware Trojan and infect as many people’s systems as possible,” the report made by Trend Micro concludes.

The bottom line is that the German Bundespolizei, the Italian Guardia di Finanza, the Spanish Policía Española and the British Metropolitan Police will never hold your computer hostage, even if you accessed illegal content.

This is why the best way to remove the threat is to use reputable security software or to call in a professional who can rid you of the bogus warning.