Innovating The Next Big Thing April 27, 2015

McAfee Blogs: ‘Police Ransomware’ Preys on Guilty Consciences
Sep 11, 2012 – Francois Paget

“Police ransomware” is big business, generating millions of euros for organized criminal groups. In May, at Europol’s headquarters in The Hague, police officers from 14 EU member states affected by this threat met with representatives from Europol, Eurojust, Interpol, and industry. Police ransomware, as explained on the Europol website, typically appears as a pop-up window, claims to come from a law enforcement agency, and accuses the user of visiting illegal websites. The screen freezes with a message that says the system will be unlocked only after payment of a fine, by Ukash, Paysafe, Toneo, or MoneyPak. Demands are very often specific to the country of the victim, pretending to be issued by local law enforcement agencies and written in the local language.

The recent Threats Report from McAfee Labs shows an impressive increase in this field, with police ransomware the main culprit.

Several posts around the Net describe some of this malware. I’ll summarize the most common, with help from the botnets.fr wiki, created and maintained in France by various malware researchers. This wiki is a great tool for understanding botnets and ransomware, and contains data, screenshots, and MD5s related to these threats.

  • ACCDFISA — Dacromf: Appeared in February, mostly in the United States. It targets Microsoft Windows Terminal Server Edition. ACCDFISA is the acronym for an imaginary security department: the “Anti Cyber Crime Department of Federal Internet Security Agency.”
  • Americana Dreams — VirTool:Win32/Injector.DA: A ransomware using MoneyPak (August)
  • Gimemo: First variants in May 2010. At that time the malware asked users in Russia to dial surcharged cell phone numbers to unblock their PCs. In March 2012, it started using Paysafe and claimed to act as a society of authors and music publishers (SUISA for Switzerland, GVU for Germany, AKM for Austria, PRS for the United Kingdom, SACEM for France, etc.).
  • HmBlocker: First variants appeared in 2010
  • Madlerax: Appeared in September
  • Malex — FBI PC lock: Appeared in August
  • PornoBlocker: Appeared in 2009. It asks users in Russia to replenish Beeline cell phone numbers to unblock their PCs. In March 2011, a PornoBlocker version was disguised as the German Federal Police.
  • Ransirac — GEMA ransomware: First variant in February. It claims to arrive from GEMA (Gesellschaft für musikalische Aufführungs), an authorized German collecting society for musical performing and mechanical reproduction rights.
  • Ransom.II — CELAS, FBI ransomware: Appeared in June. It spread in the United States, and uses the Ultimate Game Card payment system (August). In its first variants, the malware claims to be CELAS, a German company representing a certain part of EMI Music Publishing, or the FBI.
  • Reveton/Rannoh/Matsnu: The first Reveton variant appeared in November 2011. Some are now known as Matsnu (since January) and Rannoh (since April). The last Reveton variants include a camera feature.
  • Silence Locker — Trojan.Ransomlock.K: A crimeware kit (builder and control panel) offered on the underground market beginning in February
  • Supern0va: Appeared in April. It uses a control panel.
  • Tobfy: Appeared in June. Tobfy includes a camera feature. Its default landing page tries to mimic Interpol.
  • ULocker: Another ransomware tool. Offered on a private carding board in July. Ransomware made with this tool claims to have arrived from the International Police Association.
  • Urausy: Appeared in July
  • Weelsof: Appeared in April
  • Win32/LockScreen — Euro Winlocker: The first LockScreen variants appeared in 2009. To regain access to the computer, the user was asked to send an SMS message to a specified telephone number in exchange for a password. Since 2011, many versions have been distributed in Europe.
  • Winlock Affiliate: An old affiliate offer. Winlock detections existed before 2009.


© 2008 SecurityInnovator. All rights reserved.