Norsk Politi Institutt for Cybercrime Virus (Ransomware)
Computer users in Scandinavian countries are not safe from the many variants of the Ukash Virus, a ransomware Trojan that is responsible for numerous attacks in North America and Western Europe. The Norsk Politi Institutt for Cybercrime Virus is the Norwegian variant of this malware threat. This ransomware infection follows a common strategy used by ransomware threats and claims to display a message from a law enforcement agency (in this case, the Norsk Politi Institutt for Cybercrime). Although this is a real police organization, the Norsk Politi Institutt for Cybercrime Virus message is in no way connected to this law enforcement agency. Rather, this message is part of a social engineering attack that is used to steal money from unsuspecting computer users.
The Norsk Politi Institutt for Cybercrime Virus scam is identical to the scam that most ransomware Trojans carry out: this malware threat blocks access to the infected computer. To do this, the Norsk Politi Institutt for Cybercrime Virus makes changes to the Windows Registry and to the infected computer's settings. These changes allow it to load automatically upon start-up, block access to Windows components such as the Registry Editor, the Task Manager and the Windows Desktop, and cause the infected computer to freeze upon start-up.
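The following is an added triage example, not code from the original article: it scans the text of a registry export, taken offline from a locked machine, for the three behaviours described above (blocked Task Manager and Registry Editor, a replaced Desktop shell, and start-up entries). The article does not name the registry values involved; the standard Windows policy, Winlogon and Run locations used here are an assumption, and the sample export and its file path are constructed placeholders.

```python
import re

# Constructed sample: text of a .reg export taken offline from a locked machine.
# The executable path is a placeholder, not an indicator from the article.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Users\\Public\\EXAMPLE-PLACEHOLDER.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\Public\\EXAMPLE-PLACEHOLDER.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"([^"]+)"=(.*)$')

def parse_reg(text):
    """Yield (key, value_name, raw_data) from .reg export text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2)

# Assumption: standard Windows locations; the article names no specific values.
def triage(text):
    """Return findings matching the lockout behaviours described above."""
    findings = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if k.endswith(r'\policies\system') and name in ('DisableTaskMgr', 'DisableRegistryTools'):
            if data.lower().startswith('dword:') and int(data[6:], 16) != 0:
                findings.append(('tool-blocked', name))
        elif k.endswith(r'\currentversion\winlogon') and name == 'Shell':
            shell = data.strip('"').replace('\\\\', '\\')
            if shell.lower() != 'explorer.exe':
                findings.append(('shell-replaced', shell))
        elif k.endswith(r'\currentversion\run'):
            findings.append(('autostart-review', name))
    return findings
```

Every Run entry is reported for manual review rather than judged, since legitimate software also registers itself there.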
When the victim logs into the infected computer, rather than accessing the Windows Desktop, the infected computer will display a full-screen message from the Norsk Politi Institutt for Cybercrime Virus. This ransomware message claims that the infected computer was associated with illegal actions (such as viewing forbidden pornographic material or intellectual property violations) and that access to the computer was blocked by the Norsk Politi Institutt for Cybercrime. The Norsk Politi Institutt for Cybercrime Virus demands the payment of a one hundred euro fine through the Ukash money transfer service, supposedly to return control of the infected computer to the computer user. ESG security researchers strongly advise against paying this ransom because it will not allow you to regain access to the infected computer.
One of the characteristics of Ukash Virus variants is that they adapt to the victim's computer's geographical location. The Trojan that installs these ransomware threats checks the infected computer's location and adapts the variant of the Ukash Virus to that location. The Norsk Politi Institutt for Cybercrime Virus attacks computer users in Norway and uses a ransomware message written in Norwegian as well as the Norwegian flag in its display.