And Here Comes The NSA-Themed Ransomware

from the featuring-scary-logos,-acronyms-and-third-party-money-services dept

It was only a matter of time before this happened. The latest government agency to have its name and logo splashed across some clumsy ransomware is none other than everyone's least favorite intelligence agency, the NSA. This ransomware specifically invokes the NSA's preferred web data harvester and interceptor, PRISM, in its shakedown of users who trip over malware-infested websites. (via)

While many individuals are concerned about privacy in light of PRISM, some malicious actors are using the program to scare naive users into installing ransomware. Since August 23rd, we have seen about 20 domains that carry FakeAV and Ransomware. These websites seem to have been hijacked. They are all hosting the malicious content over port 972 and use similar URL patterns. Here are a couple of examples:

kringpad.websiteanddomainauctions.com:972/lesser-assess_away-van.txt?e=20
miesurheilijaaantidiabetic.conferencesiq.com:972/realism_relinquish-umbrella-gasp.txt?e=21
squamipi.worldcupbasketball.net:972/duty_therefore.txt?e=21


The malicious files seem to be changing. It started with the classic FakeAV, then switched to a fake PRISM warning. In both cases, the goal is to scare the target into paying the attacker to "fix" their computer.
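As an added defender-side example (not code from the article or from the quoted source), the following Python script scans proxy-log lines for the hosting pattern described above: a request to port 972 whose path is a few dictionary-style words joined by hyphens or underscores, ending in `.txt` with an integer `e=` query parameter. The log line format and the generalised path pattern are assumptions inferred from the three URLs quoted; the sample log is constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed sample proxy log lines (assumed format: "client url status").
# The three suspect entries reuse the host/path shapes quoted in the post;
# the other lines are benign filler, including a legitimate port-972 fetch.
SAMPLE_LOG = """\
10.0.0.5 http://kringpad.websiteanddomainauctions.com:972/lesser-assess_away-van.txt?e=20 200
10.0.0.7 http://example.org/news/index.html 200
10.0.0.5 http://squamipi.worldcupbasketball.net:972/duty_therefore.txt?e=21 200
10.0.0.9 http://cdn.example.net:972/static/app.js 200
10.0.0.9 http://miesurheilijaaantidiabetic.conferencesiq.com:972/realism_relinquish-umbrella-gasp.txt?e=21 200
10.0.0.3 http://example.com/notes/readme.txt?e=5 200
"""

SUSPECT_PORT = 972
# Path: two or more lowercase words joined by '-' or '_', ending in .txt.
# Query: a single integer "e" parameter. Both are inferred from the quoted URLs.
PATH_RE = re.compile(r"^/[a-z]+(?:[-_][a-z]+)+\.txt$")
QUERY_RE = re.compile(r"^e=\d+$")


def is_suspect(url: str) -> bool:
    """Return True when the URL matches the port + path + query pattern."""
    parts = urlsplit(url)
    if parts.port != SUSPECT_PORT:
        return False
    return bool(PATH_RE.match(parts.path) and QUERY_RE.match(parts.query))


def scan_log(text: str) -> list[tuple[str, str]]:
    """Return (client, url) pairs for every log line whose URL is suspect."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue  # skip blank or malformed lines
        client, url = fields[0], fields[1]
        if is_suspect(url):
            hits.append((client, url))
    return hits


if __name__ == "__main__":
    for client, url in scan_log(SAMPLE_LOG):
        print(f"{client} -> {url}")
```

A hit identifies a client that reached the landing page, which is the host to triage, not proof that the payload ran.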
Preying on vague, unverifiable fears is what ransomware specialists do best. These particular criminals started out by pushing Fake AV [not its real name], which would return "reports" stating that the unfortunate user's computer was literally overrun with viruses. In exchange for perfectly good money, the software would "rid" the computer of problems the user never had while installing other malware and spybots.

But nothing makes money like topical fears, especially for users who are only slightly aware of the NSA scandal and have picked up just enough knowledge to be dangerous… to themselves. A quick read of the ransomware screen should alleviate the fears of anyone halfway familiar with nefarious web tactics, but the uninitiated may be scared enough to just start throwing money at the screen.




In addition to throwing as many official logos as it can at the user, the lockscreen also dumps a large number of scary looking (and eerily misspelled) words onto the screen for good measure. If the misspellings don't tip the user off, chances are they won't question why the government would essentially take a lowball bribe of $300 rather than prosecute them and pursue a "mandatory term of imprisonment for 6 month to 10 years [all sic]" and a $250,000 fine.

This will presumably be an effective tactic even if the NSA is no longer considered newsworthy by the mainstream media. Users who are cowed by a handful of logos probably aren't going to be tuned into the nuances of these various federal agencies. But the point that should be driven home to every user is that no federal agency is going to allow you to buy your way out of a serious criminal charge and very definitely won't be collecting fines through third-party services.



Reader Comments

  1. Violynne (profile), Sep 20th, 2013 @ 2:33pm

    Huh. Looks oddly like another "Buy DVDs or Else!" message: http://i1.ytimg.com/vi/qEfgbUrDYvk/maxresdefault.jpg


  2. Anonymous Coward, Sep 20th, 2013 @ 2:58pm

    But, how are we sure this isn't the actual NSA trying to recoup budget losses?


  3. Anonymous Coward, Sep 20th, 2013 @ 3:01pm

    wake up people

    For once.... I hope this malware goes widespread. REALLY widespread.


  4. Anonymous Coward, Sep 20th, 2013 @ 3:07pm

    Illegal downloading

    I like how the lock screen says the lock is for "suspicion of illegal content downloading and distribution". It's so eerily plausible.


  5. OldGeezer (profile), Sep 20th, 2013 @ 3:10pm

    A couple of questions: if you are unfortunate enough to get this malware, how do you get rid of it and unlock your system? How do you get this in the first place? I am savoy enough to avoid most of the usual ways malware tricks you into allowing it to install.


  6. Rikuo (profile), Sep 20th, 2013 @ 3:14pm

    Re:

    Me, I'd take out the infected disk, pop it in a hard drive dock, connect that to a separate computer, open up a virtual machine and format the sucker.


  7. out_of_the_blue, Sep 20th, 2013 @ 3:18pm (comment flagged by the community)

    And here comes the lame Techdirt re-hash days late.

    From Monday, September 9, 2013.

    WHAT is your purpose with this item?

    You could at least rail that Microsoft crapware is vulnerable to this, that Windows is overall the biggest disaster ever to affect the human race, that its low quality is due to it being made by a monopoly that should have been broken up two decades ago, but no, just another attempt to get page views from "NSA".

    BUT does give me opportunity to use this tagline which came to me recently from, er, out of the blue:

    Microsoft sticks to its bad ideas only because it can't come up with worse ones.


  8. JDFensty, Sep 20th, 2013 @ 3:28pm

    I want it...

    So this may sound funny, but even though I live pretty dangerously online and have done so back to the '80s and 300 baud modems, I have in those 30 years gotten suckered by anything other than minor annoying malware once - and I was specifically targeted for that - a trojan that wiped the boot sector of my 30MB hard drive in 1988...

    So anyway, I never get this stuff, only the occasional browser hijack and so on.

    I was sad to see that all 3 of those links above are dead already...

    If I purposely wanted to infect myself (via my virtual PC test bed, of course) where can I go to basically be assured of getting this?

    I just want to see if I'm smart enough to get around it. :)


  9. Anonymous Coward, Sep 20th, 2013 @ 3:33pm

    Re:

    A great free tool that usually is able to get this off is Windows Defender Offline. Just install it from a clean computer to a USB drive. Then go to the infected computer and boot off the USB drive. Many other real antivirus companies offer free bootable antivirus/malware removal tools if you are against Microsoft products.

    http://windows.microsoft.com/en-us/windows/what-is-windows-defender-offline

    As for getting it, I don't know. I would assume it is due to clicking on a questionable banner, opening an infected email, or being on an infected network without a proper firewall/antivirus. Don't spend much time finding out where it came from. Just focus on how to remove it and prevent it from coming back.


  10. Anonymous Coward, Sep 20th, 2013 @ 3:47pm

    Re: And here comes the lame Techdirt re-hash days late.

    I am neither for nor against Microsoft, but to imply that it is all crap usually is due to ignorance of the product.
    I will agree some of their products are crap, such as Vista, Windows ME, and the current release of Windows 8, but XP has been one of the most solid systems and 7 is also pretty stable.
    Another point is that it isn't a monopoly. People can choose from others such as Apple, Linux, Unix, or Amiga operating systems if they so choose.
    As for why it is vulnerable to attacks, it is due to market share. If I were designing a virus, I would target Windows since it has the largest market share. Then I would go after Apple products as they are quickly taking a large market share. Going after Linux or any other system would be pointless since they are a very small market segment and wouldn't be worth my time. If Linux had the largest market share then it would be hit by just as many viruses as Windows gets now.
    Finally, if Microsoft was using bad ideas, why is it still in business? People can spend their money elsewhere if they so choose.


  11. Anonymous Coward, Sep 20th, 2013 @ 3:52pm

    Re:

    System restore to a previous date
    (Neighbor got infected with a different version of this, after IGNORING the AV warning :doh: )

    Booted to Safe Mode,
    Started system restore
    System up and running shortly after


  12. Anonymous, Sep 20th, 2013 @ 3:54pm

    Re:

    The public access computers I sometimes use have a program on them called Clean Slate. Anything a person downloads is wiped out upon reboot, so it's important to not turn off the computer until you've saved a hard copy of what you've downloaded (I burn to CD). If any virus is downloaded, that's wiped out too.
    Once when I was using such a computer, I got the Moneypak virus. Sure enough, the computer, keyboard, mouse, all frozen. So I manually turned off the computer using the on/off button, then turned it back on. Voila! Order was restored!
    Now, if you'll excuse me, I have to get ready to go to the Savvy tonight. I heard from Chic that happy days are stompin' there.


  13. Keroberos (profile), Sep 20th, 2013 @ 4:03pm

    Re:

    How do you remove this virus?--You can use one of several boot disk anti-virus scanners. How can you get this virus?--By visiting a website that has been coded to deliver it through any software vulnerability it discovers in the web browser or plug-ins that you have installed. The infecting website can even be a perfectly legit one that has been hacked. The best defense is to keep your OS and anti-virus up to date, keep your firewall on, and disable auto-loading of scripts and plug-ins in your browser. And for Bog's sake if you have Java installed on your system--uninstall it--unless you absolutely need it to run something (and if that were me I would look for an alternative, or do without).


  14. tracyanne, Sep 20th, 2013 @ 4:39pm

    Re: how do you get rid of it and unlock your system?

    I just install a Linux based operating system and educate the poor sucker. It never happens to them again.


  15. tracyanne, Sep 20th, 2013 @ 4:52pm

    Re: Re: And here comes the lame Techdirt re-hash days late.

    I have only very recently seen any Linux-powered laptop or desktop computer in a retail store; those are of course Chromebooks, and judging by the way salesmen are NOT attempting to sell them, but are instead pushing Windows 8, I'd say:

    Yes people are free to spend their money on anything other than Windows but:

    Unless they actually know there is a choice, and the vast majority of people are neither tech heads, like those who post here, nor informed in any way about the choices they might have, I also say

    effectively they have no choice at all.


  16. Anonymous Coward, Sep 20th, 2013 @ 5:11pm

    Re: Re: Re: And here comes the lame Techdirt re-hash days late.

    While this is true, it isn't because they don't know that there is another option. It is that most people don't care to spend time doing research on their options. I have known some people to go out and buy new computers over spending time removing a virus from their old one.
    In general, I would recommend either Windows or OS X. While Ubuntu and other distros of Linux are getting quite good at what they do, they are not at the level of user-friendliness where I would give them to my grandma. Well, I wouldn't give her Windows 8 either.


  17. CK20XX, Sep 20th, 2013 @ 5:27pm

    Re: Re: And here comes the lame Techdirt re-hash days late.

    Actually, it's not politically incorrect to wonder how much longer Microsoft may be in business now. Steve Ballmer was a pretty bad CEO; when he took over, Microsoft was poised to take over the markets that are currently dominated by Apple and Google. Instead Microsoft spent the last decade or so missing boat after boat and gradually fading into obsolescence. About the only reason Windows and Microsoft Office are still profitable and relevant is because people still aren't very aware that there are alternatives available. It doesn't take much to exploit such a weakness.


  18. Keroberos (profile), Sep 20th, 2013 @ 7:47pm

    Re: Re: how do you get rid of it and unlock your system?

    That makes as much sense as recommending someone buy a new house and belongings just because the last one got burglarized. All OSes and software have security vulnerabilities, you're just trading one set of them for another. And if the poor sucker doesn't know how to secure a Windows box--he sure as hell won't have a clue about what to do with a Linux one (guess you must like support calls).


  19. tracyanne (profile), Sep 21st, 2013 @ 1:23am

    Re: Re: Re: Re: And here comes the lame Techdirt re-hash days late.

    I gave Ubuntu to my Grandma; she doesn't have a problem with it. Well, actually it was Linux Mint MATE, which is basically Ubuntu without Unity.


  20. Anonymous Coward, Sep 21st, 2013 @ 3:49am

    Re: Re: Re: Re: Re: And here comes the lame Techdirt re-hash days late.

    Linux FTW! ummm what malware???????


  21. Anonymous, Sep 21st, 2013 @ 4:43am

    Re: Re: Re: how do you get rid of it and unlock your system?

    Ssssh! Some people still believe the myth that Linux is invulnerable to viruses and malware. Don't tell them there's no Santa Claus.


  22. Anonymous Coward, Sep 22nd, 2013 @ 8:12am

    Re:

    Go to bleepingcomputer.com and grab a copy of rkill. Run it to try and kill the malware process, then install and run something like Malwarebytes. When Malwarebytes is finished running, download an anti-rootkit utility like TDSSKiller and run that.


  23. Ninja (profile), Sep 23rd, 2013 @ 4:07am

    Amateurs. The NSA has inserted malware inside official standards, protocols, systems and optic fibers. Heck, it probably has malware installed in the satellites. Puny amateurs I tell you ;)
