Innovating The Next Big Thing April 17, 2014
Network & Information Security McAfee Blogs: ‘Police Ransomware’ Preys on Guilty Consciences
Sep 11, 2012 – Francois Paget   

“Police ransomware” is big business, generating millions of euros for organized criminal groups. In May, at Europol’s headquarters in The Hague, police officers from 14 EU member states affected by this threat met with representatives from Europol, Eurojust, Interpol, and industry. Police ransomware, as explained on the Europol website, typically appears as a pop-up window, claims to come from a law enforcement agency, and accuses the user of visiting illegal websites. The screen freezes with a message that says the system will be unlocked only after payment of a fine, by Ukash, Paysafe, Toneo, or MoneyPak. Demands are very often specific to the country of the victim, pretending to be issued by local law enforcement agencies and written in the local language.

The recent Threats Report from McAfee Labs shows an impressive increase in this field, with police ransomware the main culprit:

Several posts around the Net describe some of these malware families. I’ll summarize the most common, with help from the botnets.fr wiki, created and maintained in France by various malware researchers. This wiki is a great tool for understanding botnets and ransomware, and contains data, screenshots, and MD5s related to these threats.

  • ACCDFISA — Dacromf: Appeared in February, mostly in the United States. It targets Microsoft Windows Terminal Server Edition. ACCDFISA is the acronym for an imaginary security department: the “Anti Cyber Crime Department of Federal Internet Security Agency.”
  • Americana Dreams — VirTool:Win32/Injector.DA: A ransomware using MoneyPak (August)
  • Gimemo: First variants in May 2010. At that time the malware asked users in Russia to dial surcharged cell phone numbers to unblock their PCs. In March 2012, it started using Paysafe and claimed to act as a society of authors and music publishers (SUISA for Switzerland, GVU for Germany, AKM for Austria, PRS for the United Kingdom, SACEM for France, etc.).
  • HmBlocker: First variants appeared in 2010
  • Madlerax: Appeared in September
  • Malex — FBI PC lock: Appeared in August
  • PornoBlocker: Appeared in 2009. It asks users in Russia to replenish Beeline cell phone numbers to unblock their PCs. In March 2011, a PornoBlocker version was disguised as the German Federal Police.
  • Ransirac — GEMA ransomware: First variant in February. It claims to arrive from GEMA (Gesellschaft für musikalische Aufführungs), an authorized German collecting society for musical performing and mechanical reproduction rights.
  • Ransom.II — CELAS, FBI ransomware: Appeared in June. It spread in the United States, and uses the Ultimate Game Card payment system (August). In its first variants, the malware claims to be CELAS, a German company representing a certain part of EMI Music Publishing, or the FBI.
  • Reveton/Rannoh/Matsnu: The first Reveton variant appeared in November 2011. Some are now known as Matsnu (since January) and Rannoh (since April). The last Reveton variants include a camera feature.
  • Silence Locker — Trojan.Ransomlock.K: A crimeware kit (builder and control panel) offered on the underground market beginning in February
  • Supern0va: Appeared in April. It uses a control panel.
  • Tobfy: Appeared in June. Tobfy includes a camera feature. Its default landing page tries to mimic Interpol.
  • ULocker: Another ransomware tool. Offered on a private carding board in July. Ransomware made with this tool claims to have arrived from the International Police Association.
  • Urausy: Appeared in July
  • Weelsof: Appeared in April
  • Win32/LockScreen — Euro Winlocker: The first LockScreen variants appeared in 2009. To regain access to the computer, the user was asked to send an SMS message to a specified telephone number in exchange for a password. Since 2011, many versions have been distributed in Europe.
  • Winlock Affiliate: An old affiliate offer. Winlock detections existed before 2009.


© 2008 SecurityInnovator. All rights reserved.