And Here Comes The NSA-Themed Ransomware
from the featuring-scary-logos,-acronyms-and-third-party-money-services dept
It was only a matter of time before this happened. The latest government agency to have its name and logo splashed across some clumsy ransomware is none other than everyone's least favorite intelligence agency, the NSA. This ransomware specifically mentions the NSA's preferred web data harvester and interceptor, PRISM, in its shake down of users who snag the triplines of malware-infested websites. (via)
While many individuals are concerned about privacy in light of PRISM, some malicious actors are using the program to scare naive users into installing ransomware. Since August 23rd, we have seen about 20 domains that carry FakeAV and Ransomware. These websites seem to have been hijacked. They are all hosting the malicious content over port 972 and use similar URL patterns. Here are a couple examples:Preying on vague, unverifiable fears is what ransomware specialists do best. These particular criminals started out by pushing Fake AV [not its real name], which would return "reports" stating the unfortunate user's computer was literally overrun with viruses. In exchange for perfectly good money, the software would rid itself of problems the user never had while inserting other malware and spybots.
The malicious files seem to be changing. It started with the classic FakeAV, then switched to a fake PRISM warning. In both cases, the goal is to scare the target into paying the attacker to "fix" their computer.
But nothing makes money like topical fears, especially for users who are only slightly aware of the NSA scandal and have picked up just enough knowledge to be dangerous… to themselves. A quick read of the ransomware screen should alleviate the fears of anyone halfway familiar with nefarious web tactics, but the uninitiated may be scared enough to just start throwing money at the screen.
In addition to throwing as many official logos as it can at the user, the lockscreen also dumps a large number of scary looking (and eerily misspelled) words onto the screen for good measure. If the misspellings don't tip the user off, chances are they won't question why the government would essentially take a lowball bribe of $300 rather than prosecute them and pursue a "mandatory term of imprisonment for 6 month to 10 years [all sic]" and a $250,000 fine.
This will presumably be an effective tactic even if the NSA is no longer considered newsworthy by the mainstream media. Users who are cowed by a handful of logos probably aren't going to be tuned into the nuances of these various federal agencies. But the point that should be driven home to every user is that no federal agency is going to allow you to buy your way out of a serious criminal charge and very definitely won't be collecting fines through third-party services.