Trojan:HTML/Browlock
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 90 % (High) |
| Infected Computers: | 11 |
| First Seen: | August 16, 2013 |
| Last Seen: | March 16, 2021 |
| OS(es) Affected: | Windows |
Trojan:HTML/Browlock is a relative newcomer to the family of Police Ransomware Trojans. Known as Browlock, Trojan:HTML/Browlock carries out an attack that is designed to steal money from inexperienced computer users. ESG security analysts have been monitoring Trojan:HTML/Browlock attacks since they seem to be part of a growing trend that may predict what ransomware attacks will look like in the near future. Ransomware attacks follow a well known, predictable pattern. Basically, these types of threats block all access to the victim's computer. They then use a fake police message to make the victim believe that the infected computer was blocked by the police as part of a law enforcement operation. The victim is then urged to pay a fake police 'fine' in order to avoid prosecution. Although Trojan:HTML/Browlock attacks have a lot in common with this attack model, there are significant differences.
The Damage Caused by a Trojan:HTML/Browlock Attack
Rather than blocking all access to the infected computer, the Trojan:HTML/Browlock family of Trojans blocks access to the Internet, using the victim's Web browser to display its ransom message. Like other ransomware, Trojan:HTML/Browlock demands payment of a 'fine' and also impersonates the police. Trojan:HTML/Browlock also makes various unwanted changes to the victim's system and browser settings to ensure that the Trojan:HTML/Browlock lock screen cannot be evaded or the browser tab containing it be closed. Like other Police Ransomware Trojans, Trojan:HTML/Browlock can vary its attack depending on the victim's location. After gleaning its victim's geographical position from the infected computer's IP address and other related data, the Trojan:HTML/Browlock lock screen impersonates that country's police agencies as part of its attack. Various countries have been targeted, including the United States, the United Kingdom, Canada, Australia, Germany, Spain and the Netherlands. Like other Police Ransomware families, Trojan:HTML/Browlock attacks seem to be spreading rapidly around the world. Security analysts have determined that the source of Trojan:HTML/Browlock attacks is a server in Saint Petersburg in the Russian Federation.
The Police Will Never Use a Trojan to Punish Crimes
If you cannot access your Web browser because of a Trojan:HTML/Browlock infection, ESG security analysts strongly advise using a reliable anti-malware application that is fully up to date to remove this threat. Under no circumstances should you follow Trojan:HTML/Browlock's instructions or pay its fake 'police fine.' The police will not block access to your computer using malware, despite what Trojan:HTML/Browlock's message claims and if you are actually guilty of its imaginary offenses, it is more likely that the police will simply show up at your doorstep rather than infecting your computer with a Trojan.
