Is the NSA demanding that you pay up for a cybercrime? How outrageous is that? Luckily, the NSA isn't actually behind any of this. This is just another scam to get your money involving fake law enforcement. In a recent blog post, IT security company Blue Coat addressed last week's attacks on visitors to the php.net Web site. Their investigation revealed that one of the sneakier ransomware applications wrote ransom notes to victims using personal information the victims believed was from the NSA.
Ransomware apps don't seem to be very creative lately. Most follow the same pattern: victims receive what appears to be an official notification that they've committed a cybercrime, usually including child pornography. In order to get out of this latest ransomware mess, the scam demands the victim pay $300 through an untraceable payment card.
We Know Where You Live
Based primarily in Russia, ransomware gangs use geolocations of victims' IP addresses to deliver fake warnings with names and logos of nations' law enforcement organizations. For instance, if you're in Australia or Canada, the threats you receive could include images of blue heelers or mounties to make the threat look all the more real. At the top of US victims' screens are NSA and Central Security Service logos.
Once installed, the malware visits Google or MSN to see if the computer is online. After it successfully connects, it performs an initial check-in with its home base by sending some data to a server in Ryazan, Russia, a city southeast of Moscow. The malware then uploads a chunk of encrypted data to the Web server xaraworkbook.us.
Continued Contact
Check-ins to Web servers continue about once every five minutes. The check-in connections all have a ransomware affiliate ID and the infected computer's profile information. Interestingly, the particular file paths mentioned in the ransomware notice don't exist in Windows XP.
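A steady five-minute check-in like the one described above is the kind of pattern a defender can look for in proxy logs. The following is an added example, not code from Blue Coat or the original post; the log format, the host names, and the thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log lines: "ISO-timestamp client-ip destination-host".
SAMPLE_LOG = """\
2013-11-01T10:00:02 10.0.0.5 www.google.com
2013-11-01T10:00:04 10.0.0.5 checkin.example.test
2013-11-01T10:05:03 10.0.0.5 checkin.example.test
2013-11-01T10:07:41 10.0.0.9 news.example.org
2013-11-01T10:10:06 10.0.0.5 checkin.example.test
2013-11-01T10:15:02 10.0.0.5 checkin.example.test
2013-11-01T10:16:30 10.0.0.9 news.example.org
2013-11-01T10:20:05 10.0.0.5 checkin.example.test
2013-11-01T10:48:12 10.0.0.9 news.example.org
2013-11-01T11:02:55 10.0.0.9 news.example.org
"""

def find_beacons(log_text, period=300, tolerance=30, max_jitter=15, min_hits=4):
    """Return (client, host, mean_interval) for pairs contacted at a steady period."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, client, host = parts
        times[(client, host)].append(datetime.fromisoformat(ts))
    findings = []
    for (client, host), stamps in sorted(times.items()):
        if len(stamps) < min_hits:
            continue  # too few connections to judge periodicity
        stamps.sort()
        # Seconds between consecutive connections to the same host.
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg, jitter = mean(gaps), pstdev(gaps)
        # Flag only intervals near the expected period with low variation.
        if abs(avg - period) <= tolerance and jitter <= max_jitter:
            findings.append((client, host, round(avg)))
    return findings

if __name__ == "__main__":
    for client, host, avg in find_beacons(SAMPLE_LOG):
        print(f"{client} -> {host}: steady check-in every ~{avg}s")
```

Human browsing to the news site in the sample produces irregular gaps and is not flagged; only the machine-regular traffic is.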
You might think it's unlikely that you'll ever be victim to one of these scams, but it's always better to be safe than sorry. Invest in and regularly update antivirus software such as Norton AntiVirus (2014) or one of our other Editors' Choice antivirus products. Be smart about protecting your personal data because you never know what cybercriminals have up their sleeves next.