Ransomware makes child porn menaces in broken English

Filed Under: Data loss, Featured, Malware, Ransomware

Earlier this week, the researchers at SophosLabs examined a new strain of ransomware that had been discovered in the wild.

The malware encrypts files on the victim's computer - and demands that a ransom is paid for the safe return of their contents.

Users whose computers are hit by the malware are told to respond with a unique ID number to a Gmail or Live webmail address for the password that will unlock their data.

You can imagine how disturbing this could be to a computer user who did not have a reliable recent backup of their important documents, spreadsheets and databases.

What makes things even more menacing is that the cybercriminals don't rely purely upon the loss of data access to be an incentive to pay the ransom of 3000 Euros. They also threaten to contact the police with a "special password" that will reveal spamming software and "child pornography" files.

Ransomware message

Your files has been descryptes using 256-bit Advanced Encryption Standart. To decrypt your files send us email with your ID to our special email: [REDACTED] or [REDACTED]

Because your computer has been hacked or someone spamming from your computer. You must pay a penalty within 96 hours otherwise we will send report to the Police with special password to decrypt some files wich contains spam software and child pornography files. (this special password is only for this files, not for all your files. Password for all your files we will send you only after payment). If first 48 hours will be ended you must pay 3000 Euro.

Enter password for the encrypted file: ______________

There may be nothing in the hackers' threat of contacting the police and making accusations of child abuse material on your computer, but you can just imagine how petrified many people might be by seeing such a message.

Ransomware. Image from ShutterstockThe threat may be worded in broken English, but the vulnerable - without reliable backups - might feel tempted to pay up the ransom rather than run into possible trouble with the authorities.

Of course, we don't recommend paying money to ransomware extortionists. There's nothing to say that they won't simply raise their ransom demands even higher once they discover you are prepared to pay up.

As always, keep your security patches and anti-virus solutions updated, your wits about you, and ensure that your backups are current and working.

Laptop with pistol image, courtesy of Shutterstock.

, , ,

You might like

17 Responses to Ransomware makes child porn menaces in broken English

  1. Nigel · 1190 days ago

    Wait...you mean there are STILL people who don't back up?

    • Mark · 1188 days ago

      Outside the computer industry and hobby users most people have no idea that computers need to be backed up (or virus checked, or to avoid dodgy sites, etc, etc).

      This isn't their failure, it is a failure of the computer industry and also a failure of elitist computer users who think that it is "common sense" to backup.

      People need to get off their pedestal and help people instead of deriding them.

      • Andy · 1100 days ago

        My son got this on his laptop. Any way to recover from this without a back-up?

  2. e-ville · 1190 days ago

    can you recommend a reliable (online?) backup utility? i already use your anti-virus/malware.
    thank you

    • Nicolas_Ambrose · 1189 days ago

      There are many available, with most giving you 2GB of free storage and relatively inexpensive rates for more. The decision maker for me was how the service encrypts the data they receive. For example (and correct me if I'm wrong) Amazon offers 5GB for free, but the data is not encrypted. On the other hand, companies like Syncplicity and Spideroak do encrypt data. I especially like and have used Spideroak for years, because everything is encrypted on your machine before it is sent, and because it works well with Linux which I now use exclusively. I use them, and I also have an encrypted partition on my HD (using Truecrypt) where ALL of my data resides. Anyone stealing or hacking into my computer would find nothing at all in my user folders. There are many reviews out there--do some independent research and I'm sure you kind find a backup solution to your liking.

    • David Pottage · 1189 days ago

      I use Crashplan. They charge $5 per month for unlimited data backups from one computer, or $12 per month for a family plan of up to 10 computers in one household. Windows, Mac and Linux are all supported. You can save money via a longer term subscription or by limiting the amount of data you backup.

      There is also backblaze, who charge about the same, but don't support Linux clients.

  3. Randy · 1189 days ago

    People don't think they need backups until I am called to remove a virus or replace a bad hard drive. Oh, I tell them but a month later most of them STILL don't have an external HDD or even a backup plan.

  4. Robert W. · 1189 days ago

    What about using Windows 7 BitLocker? How about it Graham?

  5. Bedder · 1188 days ago

    Is there any evidence that the Trojan has the capability to actually download child pornography on the 'sly to the infected machine?

    Also is there any 'cracking software' to decrypt the Trojan encrypted files?

    • Michael · 1185 days ago

      A very good question, but beside the point because malware exists that is capable of turning your computer into storage for indecent images, or to steal your identity for use in another crime. Malware can be used for very ugly things.

      Contrary to what Mark thinks, our attitudes have nothing to do with being elitist. When people connect their networks to the Internet, they do so at their own risk. The best we can do is try and make people aware of those risks, why they exist, and basic measures for protecting themselves. Ignorance is no longer an excuse.

    • bob · 1171 days ago

      any luck w/ cracking software?

  6. Lynn Craig · 1177 days ago

    Is that why Norton keeps asking me to back up but I haven't a clue how or what to do about it
    besides my Norton gets rid of malware and all those viruses and things doesn't it? after all that is why we buy programs to protect our computers from this very thing right !!!!
    what does a person need to back up their system all I have is pictures some poetry and stories made up for my grandchildren,some receipes. Then there are some stuff i copied on notes in facebook......games and my e-mails...I will not trust any computer anywhere to do my banking for me no sir not with all the identity thiefts out there....

    • Internaut · 1155 days ago

      The Canadian Imperial Bank of Commerce guarantees security and all with only a password that is max 8 characters limited to alpha numeric characters.

  7. Bob · 1171 days ago

    Has anyone a fix for the encrypted files?

  8. BRD · 1161 days ago

    I was the victim of this ransomware. Luckily I had backups. The hackers left their "signature" on our server (photographs of their insignia written in mandarin). We beleive they used the Remote Desktop Connection funciton to access the machine.

  9. Internaut · 1155 days ago

    I can't believe people would fall for that - except those that had something to worry about - porn on their computer.

    If BigBro were apply the same logic here, that was applied to the article "Are you a potentially dangerous social misfit (aka not on Facebook)?": (https://nakedsecurity.sophos.com/2012/08/07/social-misfits-are-not-on-facebook/), then all banks should scan accounts and police arrest anyone that withdrew, or paid the exact sum of "3000 Euros", the ransom demand.

    I wish I had a list of all those people that freaked over this scam, I have some shares in a bridge they can get cheap.

  10. Melissa · 1091 days ago

    ...How do I make a backup?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley