Peddlers of ransomware are increasing their effectiveness by tailoring region-specific versions of a scam that impersonates local police.
Microsoft has identified four variants of a ransomware scheme in which online criminals are using the good name of law enforcement agencies to trick victims into installing a malicious program that encrypts the data on their hard drive, then extorts money from the victim to retrieve the data.
Microsoft has detected variants of the scam in English, German, Spanish, and Dutch. The ransomware is packaged in e-mail messages that purport to come from a number of institutions, including the German Federal Police, GEMA (Germany’s performing rights organization), the Swiss Federal Department of Justice and Police, the UK Metropolitan Police, the Spanish Police, and the Dutch Police. Once installed on the victim’s computer, the ransomware encrypts or deletes the data stored on the hard drive. An alert banner, localized to fit the language of the victim, informs them that child pornography has been found on their machine, and that the computer will not work until a fine has been paid. Victims are advised to wire the money to supposed authorities via a legitimate online payment services.
These types of scams aren’t new. A nearly identical scam was reported in Russia in September. The latest attack, however, suggests that the cybercriminals behind the malware are broadening the scope of their activities to include other geographic regions.
You can find technical and specific infection details of the attack on Microsoft’s TechNet Blog.