Norsk Politi Institutt for Cybercrime Virus (Ransomware)

By ESGI Advisor in Ransomware | 81 views
Rate it:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...
 More... More

'Norsk Politi Institutt for Cybercrime Virus' Details

Image Screenshot

[+] Click Image to Enlarge

Computer users in Scandinavian countries are not safe from the many variants of the Ukash Virus, a ransomware Trojan that is responsible for numerous attacks in North America and Western Europe. The Norsk Politi Institutt for Cybercrime Virus is the Norwegian variant of this malware threat. This ransomware infection follows a common strategy used by ransomware threats and claims to display a message from a law enforcement agency (in this case, the Norsk Politi Institutt for Cybercrime). Although this is a real police organization, the Norsk Politi Institutt for Cybercrime Virus message is in no way connected to this law enforcement agency. Rather, this message is part of a social engineering attack that is used to steal money from unsuspecting computer users.

The Norsk Politi Institutt for Cybercrime Virus scam is identical to the scam that most ransomware Trojans carry out. Basically, this malware threat blocks access to the infected computer. To do this, the Norsk Politi Institutt for Cybercrime Virus makes changes to the Windows Registry and to the infected computer’s settings that allow the Norsk Politi Institutt for Cybercrime Virus to load automatically upon start-up, block access to Windows components such as the Registry Editor, the Task Manager and the Windows Desktop and cause the infected computer to freeze upon start-up.

When the victim logs into the infected computer, rather than accessing the Windows Desktop, the infected computer will display a full-screen message from the Norsk Politi Institutt for Cybercrime Virus. This ransomware message claims that the infected computer was associated with illegal actions (such as viewing forbidden pornographic material or intellectual property violations) and that access to the computer was blocked by the Norsk Politi Institutt for Cybercrime. The Norsk Politi Institutt for Cybercrime Virus demands the payment of a one hundred euro fine using the Ukash money transfer service supposedly to give back the control of the infected computer to the computer user. ESG security researchers strongly advise against paying this ransom due to the fact that it will not allow you to regain access to the infected computer.

One of the characteristics of Ukash Virus variants is that they adapt to the victim’s computer’s geographical location. The Trojan that installs these ransomware threats checks the infected computer’s location and adapts the variant of the Ukash Virus to that location. The Norsk Politi Institutt for Cybercrime Virus attacks computer users in Norway and uses a ransomware message written in Norwegian as well as the Norwegian flag in its display.

How Can You Detect Malware Files Related to ‘Norsk Politi Institutt for Cybercrime Virus’?

Download SpyHunter’s Detection Scanner
to Detect Malware.

Norsk Politi Institutt for Cybercrime Virus Technical Report

As new Norsk Politi Institutt for Cybercrime Virus details are reported by our customers and findings from our Threat Research Center, we will update this section.

Fake message for Norsk Politi Institutt for Cybercrime Virus:

The following fake error message(s) appears for Norsk Politi Institutt for Cybercrime Virus:

Norsk Politi
Institutt for Cybercrime
Politiet
Alle dine handlinger på denne datamaskinen blir registrert. Hvis du bruker et videokamera, ble en video og bilder bevart for identifisering.

Datamaskinen har blitt last!
Datamaskinen din er midlertidig list på grunn av uautorisert datavirksomhet. Det er mulige brudd du har begått:
Art. 274 – Opphavsrettsbrudd t
Straffes med bot eller fengsel i inntil 4 ar
(Bruk eller distribusjon av filer beskyttet med opphavsrett – filmer, programvare)
Art. 183 – Pornografisk produksjon t Straffes med bot eller fengsel i inntil 2 ar (Bruk eller distribusjon av pornografiske filer)
Art. 184 – Pornografisk produksjon hvor barn deltar (under 18 år)
Straffes med fengsel i inntil 15 ar
(Bruk eller distribusjon av pornografiske filer)
Art. 104 – Popularisering av ter/orisme Straffes med fengsel i inntil 25 ar
(Du har besøkt hjemmesider til terroristiske organisasjoner)
Art. 297 – Skjødesløs bruk av datamaskin som resulterte i alvorlige konsekvenser Straffes med bot eller fengsel i inntil 2 ar
(Datamaskinen din er infisert med et virus, som i sin tur infisere andre datamaskiner)
Art. 108 – Gambling t
Straffes med bot el er fengsel i inntil 2 ar
(Du har deltatt i gamling som er forbudt ifølge lovgivning i landet ditt)
i hjemmel med regjerings vedtak av den 22. august, kunne alle disse lovbrudd anses som betinget ved betaling av bot.
Botens beløp er 100 euro. Boten skal betales innen 48 timer etter oppdagelsen av et brudd.
Hvis boten ikke blir betalt, blir det automatisk anlagt en straffesak mot deg. Etter betaling av boten blir datamaskinen din låst opp.

Important Article Disclaimer

ESG Support Center

This entry was last updated on 11/16/12 and posted on 10/18/12. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
« Exploit:SWF/ShellCode.L
Northern Constabulary E-Crime Unit Virus (Ransomware) »

Leave a Comment

Note: Abusive comments are not allowed. Please do not post comments regarding technical support issues. ESG customers that have issues with SpyHunter should open a customer support ticket.

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word

Popular Malware

Popular Trojans

Recent Malware

Home | SpyHunter Risk Assessment Model | Privacy Policy | End User License Agreement | Additional Terms and Conditions
Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.