And Here Comes The NSA-Themed Ransomware
from the featuring-scary-logos,-acronyms-and-third-party-money-services dept
It was only a matter of time before this happened. The latest government agency to have its name and logo splashed across some clumsy ransomware is none other than everyone's least favorite intelligence agency, the NSA. This ransomware specifically mentions the NSA's preferred web data harvester and interceptor, PRISM, in its shakedown of users who snag the triplines of malware-infested websites. (via)
While many individuals are concerned about privacy in light of PRISM, some malicious actors are using the program to scare naive users into installing ransomware. Since August 23rd, we have seen about 20 domains that carry FakeAV and Ransomware. These websites seem to have been hijacked. They are all hosting the malicious content over port 972 and use similar URL patterns. Here are a couple examples:
kringpad.websiteanddomainauctions.com:972/lesser-assess_away-van.txt?e=20
miesurheilijaaantidiabetic.conferencesiq.com:972/realism_relinquish-umbrella-gasp.txt?e=21
squamipi.worldcupbasketball.net:972/duty_therefore.txt?e=21
The malicious files seem to be changing. It started with the classic FakeAV, then switched to a fake PRISM warning. In both cases, the goal is to scare the target into paying the attacker to "fix" their computer.
Preying on vague, unverifiable fears is what ransomware specialists do best. These particular criminals started out by pushing Fake AV [not its real name], which would return "reports" stating the unfortunate user's computer was literally overrun with viruses. In exchange for perfectly good money, the software would purport to rid the machine of problems the user never had while installing other malware and spybots.
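As an added example that is not part of the Techdirt post or the advisory it quotes, the three URL traits the advisory names (port 972, a word-salad path ending in .txt, and an e=number query) can be turned into a simple proxy-log check. The log format, the client addresses and the benign URLs are constructed for illustration; the three flagged destinations are the ones quoted above.

```python
import re
from urllib.parse import urlsplit

# Constructed proxy log lines (not from the original post): "client dest_url status".
# The first three destinations are the URLs quoted from the advisory above.
SAMPLE_LOG = """\
10.0.0.5 http://kringpad.websiteanddomainauctions.com:972/lesser-assess_away-van.txt?e=20 200
10.0.0.7 http://miesurheilijaaantidiabetic.conferencesiq.com:972/realism_relinquish-umbrella-gasp.txt?e=21 200
10.0.0.9 http://squamipi.worldcupbasketball.net:972/duty_therefore.txt?e=21 200
10.0.0.5 https://www.example.com/index.html 200
10.0.0.7 http://intranet.example.local:972/status.json 200
10.0.0.9 http://cdn.example.com/notes_readme.txt?e=3 200
"""

# Traits quoted in the advisory: non-standard port 972, a path of lowercase words
# joined by "_" and "-" ending in .txt, and an "e=<number>" query parameter.
ADVISORY_PORT = 972
PATH_RE = re.compile(r"^/[a-z]+(?:[_-][a-z]+)*\.txt$")
QUERY_RE = re.compile(r"^e=\d+$")


def matches_campaign(url: str) -> bool:
    """Return True only when a URL shows all three traits described in the advisory."""
    parts = urlsplit(url)
    return (
        parts.port == ADVISORY_PORT
        and PATH_RE.match(parts.path) is not None
        and QUERY_RE.match(parts.query) is not None
    )


def flag_hosts(log_text: str) -> list:
    """Scan log lines and return (client, hostname) pairs that hit the full pattern."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue  # skip malformed lines instead of crashing the scan
        client, url = fields[0], fields[1]
        if matches_campaign(url):
            hits.append((client, urlsplit(url).hostname))
    return hits


if __name__ == "__main__":
    for client, host in flag_hosts(SAMPLE_LOG):
        print(f"{client} fetched a PRISM-lure style URL from {host}:{ADVISORY_PORT}")
```

Requiring all three traits keeps a legitimate service that happens to listen on port 972 (the intranet line) from being flagged; hits are leads to investigate, not verdicts.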
But nothing makes money like topical fears, especially for users who are only slightly aware of the NSA scandal and have picked up just enough knowledge to be dangerous… to themselves. A quick read of the ransomware screen should alleviate the fears of anyone halfway familiar with nefarious web tactics, but the uninitiated may be scared enough to just start throwing money at the screen.
In addition to throwing as many official logos as it can at the user, the lockscreen also dumps a large number of scary looking (and eerily misspelled) words onto the screen for good measure. If the misspellings don't tip the user off, chances are they won't question why the government would essentially take a lowball bribe of $300 rather than prosecute them and pursue a "mandatory term of imprisonment for 6 month to 10 years [all sic]" and a $250,000 fine.
This will presumably be an effective tactic even if the NSA is no longer considered newsworthy by the mainstream media. Users who are cowed by a handful of logos probably aren't going to be tuned into the nuances of these various federal agencies. But the point that should be driven home to every user is that no federal agency is going to allow you to buy your way out of a serious criminal charge and very definitely won't be collecting fines through third-party services.
Filed Under: nsa, prism, ransomware, scams
Reader Comments
wake up people
Illegal downloading
Re:
http://windows.microsoft.com/en-us/windows/what-is-windows-defender-offline
As for getting it, I don't know. I would assume it is due to clicking on a questionable banner, opening an infected email, or being on an infected network without a proper firewall/antivirus. Don't spend much time finding out where it came from, just focus on how to remove it and prevent it from coming back.
Re:
(Neighbor got infected with a different version of this, after IGNORING the AV warning :doh: )
Booted to Safe Mode,
Started system restore
System up and running shortly after
Re:
Once when I was using such a computer, I got the Moneypak virus. Sure enough, the computer, keyboard, mouse, all frozen. So I manually turned off the computer using the on/off button, then turned it back on. Voila! Order was restored!
Now, if you'll excuse me, I have to get ready to go to the Savvy tonight. I heard from Chic that happy days are stompin' there.
Re: how do you get rid of it and unlock your system?
And here comes the lame Techdirt re-hash days late.
WHAT is your purpose with this item?
You could at least rail that Microsoft crapware is vulnerable to this, that Windows is overall the biggest disaster ever to affect the human race, that its low quality is due to it being made by a monopoly that should have been broken up two decades ago, but no, just another attempt to get page views from "NSA".
BUT it does give me an opportunity to use this tagline which came to me recently from, er, out of the blue:
Microsoft sticks to its bad ideas only because it can't come up with worse ones.
Re: And here comes the lame Techdirt re-hash days late.
I will agree some of their products are crap such as Vista, Windows ME, the current release of Windows 8, but XP has been one of the most solid systems and 7 is also pretty stable.
Another point is it isn't a monopoly. People can choose from others such as Apple, Linux, Unix, or Amiga operating systems if they so choose.
As for why it is vulnerable to attacks, that is due to market share. If I was designing a virus, I would target Windows since it has the largest market share. Then I would go after Apple products as they are quickly taking a large market share. Going after Linux or any other system would be pointless since they are a very small market segment and wouldn't be worth my time. If Linux had the largest market share then it would be hit by just as many viruses as Windows gets now.
Finally, if Microsoft was using bad ideas, why is it still in business? People can spend their money elsewhere if they so choose.
Re: Re: And here comes the lame Techdirt re-hash days late.
Yes, people are free to spend their money on anything other than Windows, but unless they actually know there is a choice, and the vast majority of people are neither tech heads, like those who post here, nor informed in any way about the choices they might have, I also say effectively they have no choice at all.
Re: Re: Re: And here comes the lame Techdirt re-hash days late.
In general, I would recommend either Windows or OS X. While Ubuntu and other distros of Linux are getting quite good at what they do, they are not at the level of user friendliness where I would give them to my grandma. Well, I wouldn't give her Windows 8 either.
I want it...
So anyway, I never get this stuff, only the occasional browser hijack and so on.
I was sad to see that all 3 of those links above are dead already...
If I purposely wanted to infect myself (via my virtual PC test bed, of course) where can I go to basically be assured of getting this?
I just want to see if I'm smart enough to get around it. :)