Ransomware Trojans detected recently in the wild display bogus messages from law enforcement agencies in Europe and ask users to pay nonexistent fines, Microsoft warned.
“We have recently seen the emergence of several samples of a ransomware family localized into different languages,” researchers from Microsoft’s Malware Protection Center (MMPC) said in a blog post Monday.
The ransomware variants detected so far masqueraded as national police agencies from Germany, the U.K., Spain, France, Switzerland and the Netherlands.
The Trojans are distributed via drive-by-download attacks that are launched from compromised websites. The attack toolkit most commonly used for this purpose is called Blackhole and contains exploits for unpatched installations of Adobe Reader, Flash Player, Java and Windows.
All programs from this ransomware family lock down infected computers and claim that their owners were involved in illegal activities. A legitimate IP (Internet Protocol) address geolocation service is used to determine the language and formatting of the bogus police alerts displayed to each user.
Affected computer owners are informed that they need to pay a fine within 24 hours or data will be erased from their hard drives. The payment is usually requested through services like Paysafecard or Ukash, which make transactions harder to trace or reverse.
Microsoft researchers believe that all localized variants of this ransomware are the work of the same attackers. “The HTML front-end has been translated, while the back-end stays almost the same, with the exception of some obfuscation layers,” they said.
Users are advised to keep their software up to date and to treat every unsolicited message with suspicion. All requests that appear to come from an official institution should be verified over the phone.