Popular security firm Avast has demystified the attack procedure of the ransomware which has been perplexing internet users lately. The said ransomware targets the web-browsers and trick users to believe that FBI has raided their computer.
How this ransomware worked
If you have not done a crime, you shouldn’t be worried about it. The ransomware we are talking about here hijacks the web-browser of the victim and presages them with deceptive error messages. It disguises itself as FBI and claims that it has found you watching banned pornography. This is followed by a message which states that your computer has been locked, and all the data inside it has been encrypted. Now that it has threatened you, comes the part where it tries to snatch some money out of you. It starts a 48-hour countdown timer after which the victim will be sent to the court, unless they pay a fine. This post on how to prevent Ransomware will suggest steps to take to stay protected and offer links to ransomware removal tools.
This ransomware in order to make it seem legit played many of the cards right. Avast investigated on it to reveal how it worked. First of all, it changes the headline of the webpage to “FBI. ATTENTION! Your browser has been blocked.”. The name of the page is “gov.cybercrimecenter.com”, which will make the victim think that it is, in fact the FBI which is doing all this.
You know you didn’t watch the movies mentioned on the page, and of course, you didn’t store illegal files. Do you really think that upon identifying a child pornographer, that the government will tell them to pay a small amount of money as a fine and let them go? On closing the dialog box, the victim was told that all the data will be wiped off from the computer, even if you press, it reappeared. In fact, Avast found that the script which is running behind has been made to run 100 times.
On testing how well our web-browsers deal with it, Avast found that on the updated version of Chrome & Opera, the ransomware pages and tricks don’t work properly, and are thus able to provide some level of security by disallowing the script from running multiple times. The rest of the browsers, which include Internet Explorer, Firefox and Safari couldn’t perform as well. Avast reports that its AntiVirus is successfully preventing the users from this ransomware.