Localized ransomware variants circulating in the wild

Summary: Security researchers have intercepted multiple localized ransomware variants currently circulating in the wild.

Security researchers from Abuse.ch have intercepted multiple localized ransomware variants currently circulating in the wild.

The ransomware is dropped on the infected host using the Black Hole web malware exploitation kit, which exploits outdated and already patched client-side vulnerabilities.

Once infected, end users are presented with a professional-looking template impersonating a well-known law enforcement agency in the targeted country, alerting them that their computer is locked because "Illegally downloaded music pieces (pirated) have been found on their PC".

In their analysis, the researchers came across templates localized to the native languages of the following countries:

  • Switzerland; Germany; Austria; United Kingdom; France and the Netherlands

Cybercriminals are no strangers to the concept of localization. Thanks to managed localization and proofreading services targeted exclusively at cybercriminals, the value-added practice from a QA (quality assurance) perspective is becoming increasingly popular among malware authors, spammers and phishers.

End and corporate users are advised to ensure that they're running the latest versions of their third-party software and browser plugins to avoid getting exploited by the most popular exploit kit, the Black Hole web malware exploitation kit.

Find out more about Dancho Danchev at his LinkedIn profile, or follow him on Twitter.

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community.
