CashU Virus
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Ranking: | 126 |
| Threat Level: | 20 % (Normal) |
| Infected Computers: | 300,758 |
| First Seen: | April 22, 2013 |
| Last Seen: | September 20, 2023 |
| OS(es) Affected: | Windows |
CashU is a legitimate online payment company that is very popular in the Middle East. This company provides a valuable service by allowing computer users in this region to make online payments without needing access to internationally recognized credit cards or websites that may be blocked in this region of the world. Unfortunately, since late 2012 this company's good name has been sullied because of the use of this payment service in a scam commonly referred to as the CashU Virus or CashU scam. The same thing has been happening in Europe with the Ukash money transfer service and in North America with MoneyPak, both online payment services being used by criminals demanding the payment of a ransom in various ransomware schemes. Basically, criminals create Trojan infections that block access to the infected computer. Commonly known as Winlockers, these kinds of infections impersonate the police and are known as Police Ransomware Trojans.
Table of Contents
The CashU Virus Target Countries
Police Ransomware Trojans have numerous variants. This is because they tend to target specific regions of the world, and within each region, specific countries. There are Police Ransomware Trojans in Europe with hundreds of variants, each impersonating a specific police association and targeting a specific country. Each ransomware Trojan's message is written in the targeted country's language and with police emblems and insignias insinuating that the country's police are responsible for the malware attack. Police Ransomware Trojans in Europe tend to make victims pay using Ukash, and this is why they are often called 'Ukash Virus". Malware referred to as the CashU Virus are usually Police Ransomware Trojans that target the Middle East since CashU is the main online payment provider for this region. There are dozens of variants, each targeting a specific country, such as Saudi Arabia, Lebanon, and the Kingdom of Jordan.
Dealing with a CashU Virus Infection
CashU Virus variants use an alarming ransom message which claims that the victim's computer was blocked because of illegal activities. They threaten their victims with severe penalties unless a substantial fine is paid using CashU. It is important to remember that paying this fine will not remove the CashU Virus infection. Instead, variants of the CashU Virus should be removed with a tested anti-malware application and an alternate start-up method to bypass their winlocker component and gain access to software on the infected computer.
URLs
CashU Virus may call the following URLs:
| .videocampaign.co |
