Ransomware (also known as cryptoviruses, cryptotrojans or cryptoworms) comprises a class of malware, or a virus which restricts access to the computer system that it infects. In addition it demands a payment, which is basically a ransom in order for the restriction to be resolved. Complexity of ransomware varies: from basic HTML pages acting as scareware in order to extract a payment from an unsupecting user, to encryption of the system’s hard drive. Most common types, however, result in locking of the system and then displaying on-screen messages intended to convince the user that payment is required in order to lift restrictions. The main difference between scareware and ransomware – according to the name, ransomware typically demands a payment, while scareware typically requests an action – a click, a download, or submitting personal information.
How does this ransomware manifest itself?
One of the most recent manifestations of the ransomware came in form of a fake FBI Moneypak SOPA ransom scam. Security specialists reported on Monday that more than 10,000 computers were compromised in less than 24 hours. Most affected were gamers: their computers represented almost 60% of the infected computers.
This virus first introduced itself back in June-August of 2012, but it’s recent peak of activity in October 2012 , this time spun as part of SOPA, is a reason to be extra-vigilant when it comes to using common sense while using your computer.
Why is it so dangerous?
What makes this ransomware virus so extra-evil is that it poses under the cape of good, riding on the pretense of legitimate names such as FBI and SOPA. They do not say “Hey, I am a hacker so-and-so, give me your money”. By posing as the legitimate guys, this virus can trick some users into paying. Once again, use of social engineering at it’s best. Or worst. Depends on your angle…
How would you like coming to your computer screen and seeing a message like this:
“Your IP address has been added to the “SOPA Black List” for downloading or distributing either software, illegally downloaded tracks, audio or video files protected by current copyright law, or for sharing materials illegal in the US (such as child pornography or phishing software).”
Stop Online Piracy Act, or SOPA, that had failed to be passed in Washington last year, is now being used by hackers as a cover to redistribute a virus that locks the compute and further displays the following:
“As a result of these infringements based on Stop Online Piracy Act (H.R. 3261) your PC and files are now blocked.
WARNING!!!: If you don’t pay the fine within 72 HOURS at the amount of $200 USD, all your computer data will be erased.”
It is still unknown how many users may be affected in the future by this virus .
Modern ransomware attacks were initially popular within Russia and bordering regions, but in recent years there have been an increasing number of ransomware attacks came from and were targeted towards other countries, including United States.
Can it be removed from my computer?
There are various resources available from reputable companies that can assist you in virus and malware removal process – but I wish for you to never need them.
- http://botcrawl.com/how-to-remove-the-fbi-moneypak-ransomware-virus-fake-fbi-malware-removal/ also offers further great details on this specific FBI Moneypak malware, including screenshots
As always, if you have questions or an idea for my next topic, please do not hesitate to let us know!