'NSA PRISM spies' shake down victims with bogus child-abuse vids claims

[silicon_toad2000]

http://www.theregister.co.uk/2013/09/12/prism_themed_ransomware/

Crooks are using the NSA's notorious global web surveillance scandal in ransomware campaigns: punters are falsely accused of downloading illegal material, told their PCs are now locked from use, and ordered to hand over a cash "fine" to unlock their computers.

Cloud security firm Zscaler has spotted 20 hijacked domains hosting malicious web pages that attempt to trick naive web surfers into either installing scareware - because it's claimed their computer is supposedly riddled with malware - or handing over money to unlock PCs that have supposedly been used to download images of child abuse.

Marks are either confronted with a warning that malware has supposedly been detected on their computer, or a bogus NSA PRISM-themed alert. In both cases, the goal is to scare the target into paying the attacker to "fix" their computer.

The campaign started off by pushing fake antivirus software (aka scareware) on the pretext that viruses had supposedly been detected on a mark's computer and money had to be paid out to have the nasties removed.

Now it's pushing a ransomware scam, which claims that child porn has been detected on a PC. The user is told he or she can "avoid prosecution" by handing over $300. In the meantime the ransomware says it locks victims out of their machines.

These shenanigans have been common on the web for years, and it's only the PRISM angle that adds a new spin. Scammers are obviously hoping that their marks pay up to resolve the problem without giving this any further thought. The proposed opt-in system to allow adults to look at legit porn sites in the UK laws may inadvertently help the preposterous con appear a tad more plausible, according to Zscaler.

"The attacker uses the recent news about PRISM to claim that the victim's computer has been blocked because it accessed illegal pornographic content," a blog post by Zscaler ThreatLabZ researcher Julien Sobrier explains.

"The victim has to pay $300 through MoneyPak, a prepaid card service."

"The ThreatLabZ team expect attackers to take advantages of the upcoming UK laws on accessing adult content online to send new types of fake warnings to UK victims."

[GhostShip]

I had read about this kind of malware threat but until last week I had not yet encountered anything like it in the wild, what I found was not even real ransomware, althought named the same as a real file locking nasty the one I encountered was in fact fake and the giveaway clue was the prescence of a virtual drive (z:) to give the illusion of  there being a serious problem in your files.

Simple to remove in this case but had it been the real thing it might have been another story.

[silicon_toad2000]

Yeah I have heard horror stories about small business having their files all locked up and had top pay the ransom to get the files unlocked.

pays to have a nightly backup.