[FSec] Browlock Ransomware Targets New Countries

Newsfeed

Nachrichtenbote
In the past few weeks we have been following the relatively new "police ransomware" family we call Trojan:HTML/Browlock. This ransomware is very simple, and just uses the browser to display a lock screen demanding the victim to pay a fake fine and plays tricks to prevent closing the browser tab.

Since we first saw it targeting folks in the US, Canada, and UK, we have been expecting it to expand to new countries. As expected, users in other regions are now seeing a localized message from their local law enforcement.

Here are the lock screens for Browlock as seen from different countries:

brow_uk.png


brow_aus2.png


brow_nl2.png


brow_spain.png


Almost all the ransomware families seem to have great difficulties in finding a translator to create localized lock pages with good quality. Readers that pay close attention (okay, any attention is probably enough) will notice some slight problems with the German localization:

brow_germany2.png


For Canadians, the design of the lock screen has stayed roughly the same:

brow_rcmp_latest.png


We did notice that the fine has dropped from 250 CAD to 150 CAD compared to a previous lock screen below. It seems that in today's economy, even ransomware victims can't be expected to pay up such high prices.

brow_rcmp_old.png


While the domain names change, all of the lock screens are currently being hosted on a single server in St. Petersburg:

brow_server.png


We detect the lock screen as Trojan:HTML/Browlock.A.

Post by — Antti and Karmina






On 14/08/13 At 03:30 PM

Weiterlesen...
 
Zurück
Oben