Summer is -almost- over, kids are going back to school, and we can find many types of offers to buy new computers, software… and cyber-criminals will try to take advantage of this too. Recently we have spotted yet another family of ransomware (police virus). While the behavior was really similar to other families, in this case the main difference that attracted my attention was the price: usually they ask for around US$100, but this time the price was really cheap:
Just US$10.95, really cheap. As in the real world, competition usually leads to better prices, and in this case it translates into a lower price to recover our computer. For now we have only seen this approach in one ransomware family; the rest keep the same US$100 price. This one was captured last week:
The only change in this one is the use of a picture of the King of Spain to reinforce the message, along with Spain's two main law enforcement agencies and the Interpol logo in the background. It asks for 100€ to get the code to unlock your computer.
Yesterday we captured a sample of a new ransomware family. We have taken a closer look at it because these ransomware samples are usually programmed in Visual C++, whereas this one was programmed in Delphi and packed using ASPack. It uses an Adobe Flash icon to mislead the victim:
It has turned out to be one of the nastiest pieces of ransomware out there. It is not the first time we have spotted one of these, but it is disturbing: the screen that appears on your desktop has the typical message, then there is a video frame that shows what can be seen from your webcam, and next to it there are real child porn pictures (obviously censored in this screenshot):
Really disgusting. These moments make me think that we should help law enforcement even more than we already do. This one was asking for 100€.
Finally, yet another one arrived this morning, although the guys behind it are not in favor of “back to school sales”:
Yes, they ask for US$300, three times the usual price! This is the most expensive police ransomware we have captured so far.