There are reports in the media of a particular ransomware, a type of malware, using the official Symantec Norton logo to dupe victims into believing the ransomware is verified by Symantec. This is a common social engineering technique used by malware authors to deceive victims. It is not the first time that a security company’s logo has being abused by ransomware.
Figure 1. Trojan.Ransomlock.Q as seen by German users, note the Norton logo (image courtesy of Heise Online)
The functionality and modus operandi of ransomware have not changed much over the years and while we’ve countless new designs from one variant to another, they do keep to a certain design convention and usually impersonate official institutions and legitimate security companies to obtain an air of authenticity.
When it comes to Trojan.Ransomlock.Q, (a.k.a., Urausy), the authors are known to be very active and constantly update their designs as the political landscape changes depending on which country is being targeted. They are indeed very crafty and keep up to date with the news. Interestingly they haven’t used the Symantec Norton logo in the Irish version.
Figure 2. Trojan.Ransomlock.Q as seen by Irish users
Leave a reply