Police Ransomware Virus
Police Ransomware infections are Winlocker Trojans that prey on inexperienced PC users by displaying a message that makes it look like they are being pursued by the police because they have viewed illegal pornography or dealt with copyrighted material. There has been a large resurgence of these scams because they allow criminal groups to generate millions of euros. Police Ransomware infections have been a particularly insidious problem in Europe and, starting in 2012, this threat has steadily spread throughout the world. As of 2013, Police Ransomware variants have spread as far as Argentina and Australia, whereas only a couple of years ago this scam was relatively confined to Eastern Europe.
The Police Ransomware scam is not difficult to understand. These kinds of Trojans display a full-screen window that accuses the victim of breaking the law. This message will usually contain logos and language from the victim's local police agency to lend credence to its threat. Unfortunately for the victim, this message will usually be accompanied by a Winlocker component that freezes the infected computer and prevents the victim from closing or bypassing the Police Ransomware message to reach the compromised machine's Desktop or files. The main goal of the threatening message is to convince the victim to pay a ransom of a few hundred euros or dollars through Ukash, MoneyPak or a number of other money transfer services. A typical characteristic of Police Ransomware infections is that they display a message written in the language of the victim's country and containing logos and language from the local police force.
The Most Common Police Ransomware Families
Due to the similarity between different variants of the Police Ransomware scam, the line between Police Ransomware families is blurry and difficult to determine. This is further complicated by the fact that many of these infections use the same tactics and code to block the victim's computer. The following are some of the most common Police Ransomware families:
- The Gimemo family of Police Ransomware appeared in 2010 and infected computer systems in Russia. The earliest variants demanded payment through text messaging but switched to PaySafeCard and Ukash later on. Police Ransomware in the Gimemo family tend to use messages from societies for copyright enforcement such as the United Kingdom's PRS or France's SACEM.
- The Reveton family of malware is one of the most popular Police Ransomware variants. Also known as Matsnu and Rannoh, these malware threats started incorporating other components into the scam, such as using the victim's webcam to take a picture that would supposedly be sent to the police.
- Urausy Police Ransomware Trojans are some of the most recent entries in these attacks and are responsible for Police Ransomware scams that have spread throughout North and South America since April of 2012.