Aggressive ransomware scam redirects to child porn
Posted on 13.09.2013
Getting denounced for viewing or owning child pornography is a huge deal in most Western world countries, so it's no wonder that ransomware peddlers are using that specific - and in this case true - accusation to force victims to part with their hard-earned cash.

The author of the Malware don't need Coffee blog has recently discovered that a relatively new ransomware family dubbed Revoyem (aka DirtyDecrypt) has been terrorizing users all over Europe, Canada and the US (click on the screenshot to enlarge it):

"From a Porn website, you are redirected by a TrafficHolder malvert to a Child Porn themed page (impact 1 : images are highly disturbing here) from which you get infected via Styx which drop you a Ransomware locking your computer displaying disturbing images and telling you just viewed illegal content (impact 2 - amplified cause it's just viewed illegal content even if you've been driven there against your will)," the blogger explains how the attack unfolds.

The victim is presented with laws they have broken, are told the penalties they face, but are also reassured that their computer will be unlocked and they will not have to face prosecution if they pay a significant fine via MoneyPak or PaysafeCard.

Users in different countries see the warning in their own language and it appears to be coming from their own national law enforcement agency.

If you are ever faced with a similar notice, the best thing to do is to actually consult with the police. Given the proliferation of ransom scams like this one, chances are overwhelmingly in your favor that the police is already aware of similar attempts.

Some types of ransomware can be made to unblock the affected computer by typing in a credible payment code that you have supposedly received after paying the fine.

If you are lucky enough to find online an account of someone who has done it and has shared the code with the public, you might be able to unblock the computer yourself. Just remember to scan it afterwards and remove from it the ransomware and any other malware you might find.


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Fri, Aug 29th