
Morocco Sûreté Nationale Ransomware

By ESGI Advisor in Ransomware

The Morocco Sûreté Nationale Ransomware Trojan is a variant of the Reveton Trojan that targets computers located in Morocco. More specifically, the Morocco Sûreté Nationale Ransomware is one of a large number of Reveton variants that appeared in 2013. These Reveton variants are characterized by ransom messages written in Arabic, since they target countries in Northern Africa and in the Middle East, and by their demand that the ransom be paid by way of CashU, an online payment service that serves customers in this region. The use of CashU by the Morocco Sûreté Nationale Ransomware mirrors what variants of this threat do in other parts of the globe. Just as Reveton variants located in Europe demand payment through Ukash and North American variants demand payment through MoneyPak, this new set of variants in the Reveton family demands payment through CashU. The Morocco Sûreté Nationale Ransomware infection is part of a family of malware commonly referred to as Police Ransomware or police Winlockers.

There are hundreds of variants of these kinds of attacks. The Morocco Sûreté Nationale Ransomware Trojan is considered a Police Ransomware Trojan because it displays a threatening message impersonating the targeted country's police force or government agency. This message claims that the victim's computer was involved in illegal activity and threatens the victim with jail time and fines of thousands of euros. The Morocco Sûreté Nationale Ransomware also uses a Winlocker component which blocks all access to the infected computer, effectively taking the infected computer hostage and preventing the PC user from viewing anything beyond the Morocco Sûreté Nationale Ransomware message. The Morocco Sûreté Nationale Ransomware claims that it is possible to avoid prosecution by making a one-time payment through CashU. However, paying the Morocco Sûreté Nationale Ransomware's ransom will do nothing to remove this threat or unblock the victim's computer.

ESG security analysts strongly advise computer users to ignore the claims in the Morocco Sûreté Nationale Ransomware message. To remove this threat, ESG security researchers advise the use of a fully updated anti-malware program. It is possible to bypass the Morocco Sûreté Nationale Ransomware message by using an alternate start-up method to boot the infected computer.
