A new ransomware scam locks down its victims’ computers, attempting to convince them that child pornography has been found therein, and informs users that their machine will be unlocked only after paying a $17 (500 ruble) fine, according to a BitDefender analysis reported by MalwareCity.
The trojan, Trojan.Agent.ARVP, is currently targeting users in Russia, but a quick translation could change that, according to the report. The malware is spreading through malicious links on social networking sites right now.
Users have 12 hours to pony up the $17, before the scammers forward the (likely non-existent) child-porn to local authorities. The threat goes on to claim that if the fine remains unpaid, users’ data will be deleted, operating system uninstalled, and BIOS erased. Of course, as MalwareCity’s report claims, none of these things will actually happen, but the computer will remain locked. Paying the fine won’t do anything to change that.
The malware presents itself as a Russian language ransom note, reportedly blocking some 90 percent of the computer display. It also overwrites the Task Manager, Windows Explorer and User Init Logon, replacing them with copies of the Trojan.
The scam is a twist on older ones that use similar tactics to scare users into paying license fees or so-called fines. Other versions have popped up on mobile phones, as well.