The Latest in IT Security

Ransomware: Playing on your fears


The last two years have seen an increase in malware which takes control of, and holds hostage an infected machine, locking the user out until a payment of some form can be extorted. This threat type is also known as ‘ransomware’.

Various tactics have been used by the malware writers in an attempt to intimidate users into paying a ransom in order to get back control of an infected machine. We wrote a blog post last December that describes malware extortion tactics, here.

Scare tactics include displaying fake Windows activation warnings: : 


Figure 1: Ransom message displayed by Trojan:Win32/Serubsit.A

to other scare tactics: 


Figure 2: Ransom message displayed by Trojan:Win32/Serubsit.A

The most recent of these comes in the form of the following variant we detect as Trojan:Win32/Ransirac.G (280bb31602a5dcb3674c7718f947ee0f4e44784f). In this case, an infected user is accused of illegally downloading music.


Figure 3: Ransom message displayed by Trojan:Win32/Ransirac.G

The malware writers attempt to add an air of legitimacy to their creation by using the HTML style sheets and image content for the actual organization GEMA (Gesellschaft für musikalische Aufführungs).

To thwart these and similar threats, we recommend using a complete and up-to-date antivirus solution such as Microsoft Security Essentials.

–Raymond Roberts

Leave a reply


TUESDAY, JULY 16, 2019

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments

Social Networks