New ransomware locks PCs, demands premium SMS for removal

Summary:UPDATE: Another variant has been detected.Following the recently uncovered hybrid scareware with elements of ransomware, and last year's GPcode ransomware attacks, cybercriminals have once again demonstrated their interest in the concept of ransomware.

UPDATE: Another variant has been detected.

Following the recently uncovered hybrid scareware with elements of ransomware, and last year's GPcode ransomware attacks, cybercriminals have once again demonstrated their interest in the concept of ransomware.

PandaLabs is reporting on a newly discovered ransomware variant which locks the affected user's PC, and demands a premium SMS in order to deactivate it.

Trj/SMSlock.A doesn't have any self-propagation functions and appears to be coming under the form of a typical fake codec that has been affecting users for over a week now. The message (in Russian) demands that the affected user sends an SMS with the pseudo-unique number to the given number in order to receive deactivation code. From a monetization perspective, the approach is pretty similar to the recent Trojan-SMS.Python.Flocker mobile malware which was transferring account credit, and mimicking the original functionality of the RedBrowser mobile malware which was automatically sending SMS messages to premium-rate numbers in 2006.

Just how dangerous is SMSlock.A? Compared to GPcode, it's the work of less technically sophisticated people, making it fairly easy to bypass. Dr.Web has even released a generator for deactivation codes so that affected users don't have to pay.

Ransomware is not a fad, that's for sure. In fact, Trend Micro's Annual Threat Report: Cybercriminals are Working Faster than Ever stated that ransomware attacks are prone to increase in a targeted fashion during Q2 of 2009. And whereas the current variants do not have self-propagation functions, their primarily propagation vector remains the hundreds of currently active blackhat search engine optimization campaigns serving the ubiquitous fake codecs (Cybercriminals syndicating Google Trends keywords to serve malware; Massive comment spam attack on Digg.com leads to malware).

Topics: Hardware, Browser, Mobility, Security, Telcos

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.