New ransomware variant uses false child porn accusations

Summary: Researchers from BitDefender have detected a new ransomware variant currently spreading in the wild.

Once Trojan.Agent.ARVP locks down the infected PC, it displays a message claiming that the PC has been locked because child pornography was found on the user’s system and that a fine of 500 rubles must be paid within 12 hours. The trojan kills or overwrites the Task Manager, Windows Explorer and the User Init Logon Application in an attempt to prevent users from terminating it.

The scammers say the user must pay within 12 hours or the “child-porn” case will be forwarded to the local police and all data stored on the personal computer will be blocked or deleted, the operating system uninstalled and the BIOS erased.

In reality, the data will still be there and the BIOS will not be affected after the 12-hour deadline passes. But the PC will remain locked. Paying the ransom will not unlock it. In-depth analysis of the malware revealed that there is no way to unlock the PC, so the promise of a code is false.

The malware is currently spreading via links distributed over social networks. Users are advised to be extra vigilant when dealing with suspicious links.

Topics: PCs, Hardware, Malware, Operating Systems, Security, Windows

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community...
