Ransomware Extortion Scam Locks Machines, Demands Payment

The latest ransomware scam is locking down infected machines and displaying localized webpages warning users that their computer contains “banned material” and won’t be unlocked until a fine is paid, according to a report from McAfee’s Naganathan Jawahar.

The Trojan displays a warning that takes over the user’s entire screen and purports to come from the FBI, the Metropolitan Police (London), or other law enforcement agencies. The warning informs users that illegal content has been found on their computer and that they won’t be given access to the machine unless they pay the fine.

It’s not altogether clear where the infections are coming from. The scammers are offering to unlock affected computers after receiving a £100 payment via Green Dot MoneyPak, Paysafecard, or Ukash financial transfer services. Jawahar writes that paying the fine won’t necessarily fix infected machines.

The Trojan is also reportedly downloading custom DLL payloads, like Lock.dll, which it uses to inject the fraudulent messages into the processes of Internet Explorer, Chrome, and Opera browsers.

McAfee is calling the malware payload Ransom-AAY.gen.b. You can read McAfee’s report here.