Monthly Archives: January 2014

Browser-based ransomware

Tonight I stumbled upon some browser-based ransonmware, that pretends to be a message from the police. This is neither very advanced (it isn’t anything like Cryptolocker), nor is it very new. It doesn’t install any malware on your machine (though this trick has been used by actual malware, such as ‘Urausy’). All it does is tell you that “your browser has been blocked up for safety reasons”, and that to prevent going to jail for anything between 5 and 11 years (for watching something very illegal), you need to pay a fine. Because of course, that is how the legal system works.

policeransomware

I’ll do a more detailed write-up about this later. I thought it was interesting that it was spreading via Twitter and used some subdomains to domains hosted at a UK-based registrar, whose customers probably had their DNS hacked.

One thing that is typical for this kind of scam is that based on where you access the website from, you get the message in the local language and the logo of the national police force. They typically include a photo of the head of state as well. Because that makes it a lot more real.

And since this isn’t a very advanced scam, I could grab the various logos that are used. I had seen most of these before, but I don’t know if they had ever been shown on a single site. Now they have. (Actually, just before posting I noticed these are the same images used by Urausy last summer; Kafeine has all those images. Oh well.)

Austria

AT

Australia

AU

Belgium

BE

Bolivia

BO

Canada

CA

Cyprus

CY

Czech Republic

CZ

Germany

DE

Ecuador

EC

Finland

FI

France

FR

Greece

GR

Hungary

HU

Ireland

IE

Italy

IT

Latvia

LV

Mexico

MX

Netherlands

NL

New Zealand

NZ

Norway

NO

Poland

PL

Portugal

PT

Romania

RO

Slovakia

SK

Slovenia

SI

Spain

ES

Sweden

SE

Switzerland

CH

Turkey

TR

United Kingdom

GB

United States

US