Subscribe to our newsletters
Sign Up

The Hacker News — Cyber Security, Hacking, Technology News

Sunday, February 22, 2015 Wang Wei

Chicago Police Department Pays $500 Cryptoware Ransom to Cybercriminals
Cyber criminals have started targeting government enforcement of the Ransomware in an attempt to extort money. Recently, the police department of the Midlothian Village in Illinois has paid a ransom of over $600 in Bitcoins to an unknown hacker after being hit by a popular ransomware attack.

The popular Ransomware, dubbed Cryptoware, disabled a police computer in Midlothian — located south of Chicago — by making it inaccessible through its file-encryption capabilities and forced them to pay a ransom in order to restore access to the important police records.

The Chicago Tribune reported that the department first encountered Cryptoware in January, when someone in the department opened a spear-phishing email that pointed to the malicious software.

Once opened, the email carrying the Cryptoware ransomware immediately encrypts the files on the computer and, in typical ransomware style, displays a message demanding money in exchange for a decrypt code that could free the device from Cryptoware.

Midlothian Police Chief Harold Kaufman confirmed the police department had been hacked, but declined further comment. Local IT professionals assured that the hacker didn’t get access to files in the police department's database, rather the Cryptoware program only made certain documents inaccessible.
"It didn't encrypt everything in the police department. It was just that computer and specific files, not the entire system," Calvin Harden Jr., an IT vendor who works with the village and the police on overcoming this threat, told the Tribune.
Cybersecurity experts recommend business users routinely back up their data, but, according to Harden, the police officials were forced to make the payment because going after the hacker might have been more trouble than it was worth.
"Because the backups were also infected, the option was to pay the hacker and get the files unencrypted, which is what we decided to do," Harden told the newspaper.
This isn’t the first time when hackers have targeted a government agency. Back in November, 2013, the cyber criminals had managed to encrypt the database of Massachusetts' Swansea Police Department by CryptoLocker ransomware and forced them to pay $750 to restore their files.

Midlothian follows the city of Detroit and a sheriff's office in Tennessee as Cryptoware victims within the last year. Forcing victims to pay via Bitcoin provides the hackers an easy method to collect money and moving on to future victims with little-to-no digital footprint

However, law enforcement succeeded in decreasing various ransomware attacks, but with the discovery of 2.0 versions, the ransomware even made it way to infect the mobile devices.

Previously known and popular Ransomware are as follow:
The best defense against Ransomware is creating awareness within the organization and at home, as well as maintaining backups that are rotated regularly. Ensure that your systems are running the latest version of Antivirus software with up to date malware definitions.

Friday, January 23, 2015 Mohit Kumar

17-Year-Old Hanged Himself After Receiving Police Ransomware Threat
Ransomware malware threat has forced somebody for the terrible suicide and once again has marked its history by somebody’s blood. Sad, but it’s True!

Joseph Edwards, a 17-year-old schoolboy from Windsor, Berkshire, hanged himself after receiving a bogus email appeared to be from police claiming that he'd been spotted browsing illegal websites and that a fine of 100 pound needed to be paid in order to stop the police from pursuing him.

The scam email pushed the well-known Police Ransomware onto the boy’s laptop and also downloaded malware that locked up his system once it was opened.

Edwards was an A-level student with Autism, a developmental disability, that likely made him more susceptible to believing the Internet scam mail, supposedly sent from from Cheshire police, was genuine, a coroner heard on Thursday.

Edwards was so upset and depressed by the accusation and the extortionate demand that he hanged himself hours after falling victim to the crucial threat. He was found hanged at his family home in Windsor by his mother Jacqueline Edwards, who told the coroner that he probably didn't understand the implications of his actions.
"He didn't seem to have any worries known to me. I don't think he really understood," Jacqueline Edwards told the coroner. "Joseph was subjected to a scam on the internet, a threatening, fake police link that was asking for money," his mother said in a statement. "He would have taken it literally because of his autism and he didn't want to upset Georgia [his sister] or me."
As far as we all know, a Police ransomware of this type does not encrypt files and usually asks a victim to pay a small fine that last around $200 or €200. It’s normally much easier to remove the threat from infected systems by using dedicated tools specially designed to remove such infections.

According to Detective Sergeant Peter Wall, it will be almost impossible to trace the fraudsters behind the 'crude' email, but believe it may have originated outside the UK.

This is not first time when Ransomware has become deadly reason to take someone’s life. Over a year ago, a Romanian family faced same Police Ransomware threat and the Romanian victim hanged himself and his four-year-old son, scarring that his young son would pay for his mistake and his life would be spend in the moment of delusion.

Ransomware is one of the most blatant and obvious criminal's money making schemes out there, from which Cryptolocker threat had touched the peak, and cyber criminals have developed many Cryptolocker versions (prisonlocker, linkup, icepole, cryptobit) by which you have to safeguard your system.

Tuesday, May 06, 2014 Swati Khandelwal

Police Ransomware Malware Targeting Android Smartphones
After hacking PCs, Cyber criminals have now begun targeting Smartphones with a special piece of malicious software that locks up the devices until the victims pay a ransom to get the keys to unlock the phone, called Ransomware

Ransomware typically targets users' personal computers and has become a profitable way for cyber criminals to earn money.

To deliver the Ransomware malwares to the mobile devices, cyber criminals have started creating malicious software programs that masquerade as antivirus apps or other play store apps, but instead of protecting your smart devices, they lock up your Smartphone until you pay a ransom to unlock it.

RANSOMWARE - POLICE & CRYPTOLOCKER
As we reported earlier in news updates, security researchers disclosed various Police ransomware targeting users' personal computers. The ransomware software once installed, cyber criminals attempts to lock the victim’s computer hard disk and files from a remote location.

Usually, the police ransomware masquerade as an official warning from a law enforcement agency, which claims that the victim's PC has been determined to have visited illegal websites and payment is necessary for a fine to restore the computer's functionality.

Cryptolocker is another infamous member of Ransomware family, designed to extort money from computer users by holding computer files hostage until the computer user pays a ransom fee to get them back. The Cryptolocker hijacker sniffs out your personal files and wraps them with strong encryption before it demands money.

Cryptolocker Ransomware is just like any other computer infection, but it can be potentially worse since it can cause permanent damage, such as deleted files and files that become encrypted forever and the infected users are in danger of losing their personal files forever.

POLICE RANSOMWARE TARGETING SMARTPHONES
Similar threat has come to Smartphone devices as well and Android users might soon become the victims of "Police Locker" ransomware malware. According to recent report from the researcher behind the Malware don't need Coffee blog, Cyber Criminals behind the Reveton ransomware have joined Nertra Ransomware team to target Android users, along with Windows, Mac OS X and Linux.

To Deliver the ransomware malware hackers are using various social engineering techniques, include lockers system, fake Antivirus solution, fake audio-video codecs and Browlock ransomware.

According to the researcher, The booby-trapped (malicious) websites are so cleverly crafted in such a way:
  • If victim visits it using Internet Explorer browser, a variant of ransomware Winlock will be offered.
  • If victim surf it with any other browser on Windows, Linux or Mac, they will offer Brownlock malware
  • If victim visits the site with Android browser, he will be redirected to a fake website that will automatically download a malicious application (APK file ) from the browser, disguised as a video downloader.
Like other popular ransomware threats, such as FBI MoneyPak Ransomware, Ukash Virus and Police Central E-Crime Unit (PCEU) Ransomware, Android version also displays a message to threaten the user with arrest or prosecution because child pornography or other objectionable material has been found on the device. Scared or frustrated users are often willing to pay hundreds of dollars to avoid the fine or to free their system again.
Police Ransomware Malware Targeting Android Smartphones
We also came across a report in which a man killed his 4 year old baby and then himself committed suicide after his computer got infected with “police ransomware,” which is an extent of Ransomware that has marked its history by someone’s blood.

If You are already infected by any one of such malwares, stop your keyboard and don't pay the fine. Install updated Antivirus software to get rid of the ransomware virus.

Android users are always advised to treat unrecognized applications or applications from third-party sources with extreme caution and try to always download applications from trusted App Stores.

Thursday, March 13, 2014 Swati Khandelwal

Police Ransomware Malware Fine forced Family to Commit Suicide
Till Now we all have heard about the Ransomware Malware that encrypts your files or lock down your computer and ask for a random amount to be paid in a specified duration of time to unlock it, but this cyber threat has forced somebody for the terrible murder and suicide. It’s true! This could be an extent of Ransomware that has marked its history by someone’s blood.

Marcel Datcu, a 36 year old man, living in the village of Movila Miresii, who was married in 2013 and living happily with his family, killed his 4 year old baby and then himself committed suicide after his computer got infected with “police ransomware,” a Romanian Newspaper, Braila24 reports.

Ransomware is one of the most blatant and obvious criminal's money making schemes out there, from which Cryptolocker threat had touched the peak, and cyber criminals have developed many Cryptolocker versions (prisonlocker, linkup, icepole, cryptobit) by which you have to safeguard your system.

According to the sources, it seems that Marcel had opened few porn sites and infected with a computer virus, i.e., a police ransomware, that displayed a message coming from the Police, informing that he has been fined by the authorities for the violation of the law with a huge amount of 70.000 lei (€15,519 / $21,637) that need to be paid immediately.

After getting such warning from the police, he felt shamed and scared that his young son would pay for his mistake and his life would be spend in the moment of delusion, so he hanged himself in the living room, holding his 4-year-old boy in his arms with a rope around his neck.

His neighbors said that besides the boy who was killed by his father, Marcel and his wife had three other children from previous marriages, and was a happy family.
Police Ransomware Malware Fine forced Family to Commit Suicide
Sources close to the investigation say that the man left the following suicide note to his wife: “I don’t think it’s normal what I’ve done (…) I apologize to all of you (…) I received a warning that said I have to pay 70.000 lei or go to prison for 11 years (…) I don’t want Nicusor [the small boy who was killed] to suffer because of me (…) I can’t stand going to prison. I can’t!

As far as we all know, a Police ransomware usually asks a victim to pay a small fine that last around $200 or €200. The man would have been died imagining that such a large fined amount is very difficult to pay.

Cyber security experts always advises you not to pay the ransom amount that blocks your activities on the computer, as these threats can be easily removed by dedicated tools specially designed to remove such infections.

But, unfortunately everybody is not aware of such threats and this time the price paid was somebody’s life. There are many ways you can protect your computers and devices from the widely spreading Ransomware discussed in our previous post.

Stay Safe! Stay Tuned!

Monday, November 26, 2012 Mohit Kumar

Domain name registrar and website hosting provider Go Daddy is responding to a DNS attack targeting a "small number" of its hosted websites that one security firm said is enabling cyber criminals to spread ransomware. 

The DNS (Domain Name System) is what transfers host-names into IP addresses, meaning computers can talk to each other and users can access them online.
Godaddy said, "We suspect that the affected customers have been phished or their home machines have been affected by Cool Exploit as we have confirmed that this is not a vulnerability in the My Account or DNS management systems." The Cool Exploit Kit targets a variety of vulnerabilities, including Java errors, and has been seen spreading via drive-by attack websites.

The ransomware served depends on the country of origin. In the UK, it is malware posing as a legitimate message from the Met’s Police e-Crime Unit (PCeU). It locks the computer, on the grounds that the computer was guilty of “ unauthorized cyber activity”, asking for payment to unlock it.

Attackers use vulnerabilities in the platforms and inject malicious code to set up drive-by attack websites. Users should avoid clicking on links sent to them via email or other means, even if the links appear to be legitimate at first glance. For instance, users should ensure their passwords are strong and unique to each website, and two-factor authentication should be readily available.

Saturday, November 10, 2012 Mohit Kumar

Imagine someone getting access to your computer, encrypting all your family photos and other priceless files, and then demanding a ransom for their safe return. That is what ransomware is all about. Symantec’s latest research report suggests police-themed ransomware could be a replacement to the once-lucrative fake antivirus scareware trade. According to report, Ransomware distributors are raking in around $5 million dollars a year and the spoils are being spread among just 16 crime groups. Symantec’s estimates suggest a significant but not yet thriving crime business, which delivers each operation, on average, $300,000 a year.

Reticently identified Oracle Java SE Remote Java Run time Environment vulnerability ( CVE-2012-5076 ) leads to Geo located Ransomware Malware. Java vulnerability actually can allows attacker to unauthorized disclosure of information, unauthorized modification and disruption of service.
This Ransomware shows a bogus notification, that pretends to be from the their local Police Department, that your computer has been blocked due to it being involved with the distribution of pornographic material, SPAM and copyrighted content. So, Police virus will lock you out of your computer and applications. This vulnerability can be exploited over multiple protocols and affects versions are 7 Update 7.

@kafeine posted a detailed technical explanation of the vulnerability on his blog and users are advised to update they're Java or to completely remove it, Eric Romang said. There is a video demonstration (Please do not visit any link provided in video, can be malicious in nature) of  CVE-2012-5076 Oracle Java Exploitation from Eric:


The Police Ransom is a scam and you should ignore any alert that this malicious software might generate and remove this Trojan ransomware from your computer using a good antivirus product. Under no circumstance should you send any money to this cyber criminals,as this could lead to identity theft,and if you have, you should contact your credit card company and dispute the charge stating that the program is a scam and a computer virus.

Newsletter Subscription

Subscribe to our newsletter and get all latest hacking news, free eBooks delivered to your inbox.

Join Over 450,000 Subscribers!