Exploiting the names of law enforcement and government entities has recently been the latest craze for cybercriminals in the quest to increase their chances of successfully extorting money from unsuspecting computer users. One of the most recent discoveries of what cybercrooks are using to steal money from computer users is a ransomware threat that exploits the theme of the NSA's PRISM surveillance program.
The use of popular government or law enforcement entities has long been the way for hackers to peddle their ransomware threat messages, which are bogus notifications that pop up on an infected system claiming to have detected illegal activities and then ask that a fine be paid for doing so. These threat messages, which are technically referred to as ransomware, have been a major force of malicious attacks that we have seen on our radar screen for a couple of years now.
Over the past two weeks, there has been an influx of specific ransomware threats using the PRISM theme to exploit PC users. These particular threats were found to have come from hacked websites, ones specifically used to distribute fake antiviruses and now PRISM-themed ransomware threats such as the one shown in Figure 1 below.
Figure 1. PRISM-themed Ransomware threat message pop-up example.
This particular PRISM ransomware is one that we have reported on in the past. It is made to look as though it came directly from the NSA's PRISM surveillance program so that PC users may believe that it is a legitimate message. The threat message goes on to make bogus claims that the PC user violated certain laws, and then demands that $300 be paid through MoneyPak to 'resolve the situation'.
PC users may easily fall for this trick, which originates from as many as 20 identified hijacked websites so far, and end up wasting $300, only to find later that they were scammed.
The use of hijacked websites has long been a means for hackers to spread their malicious love onto the many computers that eventually access the hacked site. PC users are most often locked out of their system or prevented from using installed applications once the PRISM Ransomware has loaded and taken over.
Serving the PRISM Ransomware from a hijacked website is an ideal means of spreading this vicious threat while limiting the exposure of the perpetrators. In many cases, a popular website is attacked and then injected with malicious code to load the PRISM Ransomware payload so that visiting systems may become infected.
PC users are warned to never pay the fine of such a threat. The best action to take is to clean your system with a genuine antispyware or antivirus solution that is capable of removing ransomware threats.