Localized ransomware variants circulating in the wild

Security researchers have intercepted multiple localized ransomware variants currently circulating in the wild.

Security researchers from Abuse.ch have intercepted multiple localized ransomware variants currently circulating in the wild.

The ransomware is dropped on the infected host using the Black Hole web malware exploitation kits, which exploits outdated and already patched client-side vulnerabilities.

Once infected, end users are exposed to a professionally looking template impersonating a well known law enforcement agency in the targeted country, alerting they that their computer is locked due to the fact that "Illegally downloaded music pieces (pirated) have been found on their PC".

In their analysis, the researchers came across to templates localized to the native languages of the following countries:

  • Switzerland; Germany; Austria; United Kingdom; France and the Netherlands

Cybercriminals are no strangers to the concept of localization. Thanks for managed localization and proofreading services targeted exclusively to cybercriminals, the value-added practice from a QA (quality assurance) perspective is becoming increasingly popular among malware authors, spammers and phishers.

End and corporate users are advised to ensure that they're running the latest versions of their third-party software, and browser plugins in an attempt to avoid getting exploited by the most popular exploit kit, the Black Hole web malware exploitation kit.

Related posts:

Find out more about Dancho Danchev at his LinkedIn profile, or follow him on Twitter.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All