Easily deflected ransomware relies on victims’ embarrassment

The appearance of Browlock ransomware earlier this year demonstrates that this type of malware does not need to wreak much havoc on the targets’ computer to be taken seriously.

Browlock does not download child abuse material and it doesn’t encrypt files on the targets’ computer. In fact, if doesn’t even block the entire computer.

“This ransomware is instead a plain old Web page, with JavaScript tricks that prevent users from closing a browser tab,” explains Symantec’s Gavin O Gorman. “It determines the user’s local country and makes the usual threats, claiming that the user has broken the law by accessing pornography websites and demands that they pay a fine to the local police.”

The browser-based Browlock has many warning notices in different languages up its sleeve, but currently targets mostly US, European, Canadian and Australian users.

The cyber crooks wielding the malware are keeping the costs down to a minimum. As there is no malicious executable to be served and installed, they just need to pay for adult-themed malvertising that redirects traffic to the websites sporting the message.

Judging by the number of these redirections Symantec blocked since September (1.8 million), the malvertising approach is extremely successful. Who knowns how many redirections have been blocked by other security companies, and how many were successful because users don’t use a security solution capable of it?

Ultimately, when landing on one of these sites users can’t close the tab, but can make the notice disappear by closing the browser window. You would think that such an easily deflected attack would not be successful enough for the crooks to keep doing it, but you would be wrong.

“The usual ransomware tactic of targeting users of pornographic websites continues to capitalize on a victim’s embarrassment and may account for the success rate,” the researcher concludes.