Network & Information Security
McAfee Blogs: ‘Police Ransomware’ Preys on Guilty Consciences
Sep 11, 2012 – Francois Paget   

“Police ransomware” is big business, generating millions of euros for organized criminal groups. In May, at Europol’s headquarters in The Hague, police officers from 14 EU member states affected by this threat met with representatives from Europol, Eurojust, Interpol, and industry. Police ransomware, as explained on the Europol website, typically appears as a pop-up window, claims to come from a law enforcement agency, and accuses the user of visiting illegal websites. The screen freezes with a message that says the system will be unlocked only after payment of a fine, by Ukash, Paysafe, Toneo, or MoneyPak. Demands are very often specific to the country of the victim, pretending to be issued by local law enforcement agencies and written in the local language.

The recent Threats Report from McAfee Labs shows an impressive increase in this field, with police ransomware the main culprit:

Several posts around the Net describe some of this malware. I’ll summarize the most common, with help from the botnets.fr wiki, created and maintained in France by various malware researchers. This wiki is a great tool for understanding botnets and ransomware, and contains data, screenshots, and MD5s related to these threats.

  • ACCDFISA — Dacromf: Appeared in February, mostly in the United States. It targets Microsoft Windows Terminal Server Edition. ACCDFISA is the acronym for an imaginary security department: the “Anti Cyber Crime Department of Federal Internet Security Agency.”
  • Americana Dreams — VirTool:Win32/Injector.DA: A ransomware using MoneyPak (August)
  • Gimemo: First variants in May 2010. At that time the malware asked users in Russia to dial surcharged cell phone numbers to unblock their PCs. In March 2012, it started using Paysafe and claimed to act as a society of authors and music publishers (SUISA for Switzerland, GVU for Germany, AKM for Austria, PRS for the United Kingdom, SACEM for France, etc.).
  • HmBlocker: First variants appeared in 2010
  • Madlerax: Appeared in September
  • Malex — FBI PC lock: Appeared in August
  • PornoBlocker: Appeared in 2009. It asks users in Russia to replenish Beeline cell phone numbers to unblock their PCs. In March 2011, a PornoBlocker version was disguised as the German Federal Police.
  • Ransirac — GEMA ransomware: First variant in February. It claims to arrive from GEMA (Gesellschaft für musikalische Aufführungs), an authorized German collecting society for musical performing and mechanical reproduction rights.
  • Ransom.II — CELAS, FBI ransomware: Appeared in June. It spread in the United States, and uses the Ultimate Game Card payment system (August). In its first variants, the malware claims to be CELAS, a German company representing a certain part of EMI Music Publishing, or the FBI.
  • Reveton/Rannoh/Matsnu: The first Reveton variant appeared in November 2011. Some are now known as Matsnu (since January) and Rannoh (since April). The last Reveton variants include a camera feature.
  • Silence Locker — Trojan.Ransomlock.K: A crimeware kit (builder and control panel) offered on the underground market beginning in February
  • Supern0va: Appeared in April. It uses a control panel.
  • Tobfy: Appeared in June. Tobfy includes a camera feature. Its default landing page tries to mimic Interpol.
  • ULocker: Another ransomware tool. Offered on a private carding board in July. Ransomware made with this tool claims to have arrived from the International Police Association.
  • Urausy: Appeared in July
  • Weelsof: Appeared in April
  • Win32/LockScreen — Euro Winlocker: The first LockScreen variants appeared in 2009. To regain access to the computer, the user was asked to send an SMS message to a specified telephone number in exchange for a password. Since 2011, many versions have been distributed in Europe.
  • Winlock Affiliate: An old affiliate offer. Winlock detections existed before 2009.

