New ransomware attack blocks Internet access

Once a machine is infected, a message is posted in Russian demanding a ransom under the guise of activating the uFast Download Manager application.

Security researchers have stumbled upon a new piece of ransomware that blocks an infected computer from accessing the Internet until a fee is paid via SMS (text message).

[ SEE: Blackmail ransomware returns with 1024-bit encryption key ]

According CA researcher Zarestel Ferrer, the ransomware file is bundled with a program called uFast Download Manager.  Once a machine is infected, a message is posted in Russian (see image above) demanding a ransom under the guise of activating the uFast Download Manager application.

Here is a rough English translation:

Internet access is blocked due to violation of the license agreement schedules of uFast Download Manager You must activate your copy

Get a registration code by sending an SMS with the following code fw0004199 to number 7122

In response you will receive an activation message.

Enter the activation message received from the SMS response  ________

CA is offering an activation code generator for this particular ransomware variant.

See our previous coverage of ransomware attacks: