Police ransomware spread with Blackhole

Ransomware is a type of malware characterized by blocking access to the system or to the user's files and demanding a payment to restore it. On the blog I have discussed several cases, such as the cyber criminals who made a thousand dollars a day with an SMS ransomware, or the variant that overwrote the MBR and threatened to erase the entire hard drive if 100 dollars were not paid.

But the one that has attracted the most attention this year pretends to be a message from the police. When the user becomes infected, a full-screen warning appears that accuses them of illegal activity and demands a fine to unlock the computer. All of it is false, but many unsuspecting users, for various reasons, end up paying.

This ransomware has been translated into several languages and is for sale on underground forums; the following is a screenshot of a version that pretended to be the police in Spain:

How does this malware spread?

Generally, victims are infected without knowing it by downloading programs of dubious origin or fake applications propagated through social engineering (supposed plugins, updates, etc.; in the thousand-dollars-a-day case, the lure was fake porn players).

Botnets are also used for this. A botnet is a network of already-infected computers; if its administrator (the botmaster) decides to, or another cybercriminal hires the botnet's services, the ransomware can be pushed to every bot remotely, with no further interaction from the victims.

Another method that is very fashionable is the use of crimeware or exploit kits, which infect computers automatically by exploiting vulnerabilities. The following screenshot, published by Microsoft on its security blog, summarizes how these kits work, in this case one known as Blackhole that is used to spread police ransomware:

It all starts with spam links or compromised legitimate sites that redirect users to the kit's landing page. That page probes the computer for vulnerable versions of browser plugins (Adobe Reader, Flash, Java) and of the operating system; when one is found, the matching exploit runs and the malware is downloaded and installed automatically and silently, without the user clicking anything (a drive-by download).
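Seen from the victim's side, that chain leaves a recognizable trace in a web proxy log: a request for a plugin file (JAR, PDF or SWF) followed within seconds, from the same client, by the download of a Windows executable. The following is an added example, not code from the original post nor from Microsoft's write-up: a small Python detector that flags exactly that sequence. The log format, the host names and the 60-second window are assumptions made for the illustration, and the sample log lines are constructed, not a real capture.

```python
import re
from collections import defaultdict
from datetime import datetime

# Content types that carry the plugin exploits an exploit kit serves
# (the plugins named on the page: Java, Adobe Reader, Flash).
PLUGIN_TYPES = {
    "application/java-archive": "Java",
    "application/pdf": "Adobe Reader",
    "application/x-shockwave-flash": "Flash",
}

# Content types a Windows executable payload is typically served with.
PAYLOAD_TYPES = {"application/x-msdownload", "application/x-dosexec"}

# Constructed sample proxy log (not a real capture). One request per line:
# <ISO time> <client> <method> <url> <referer or -> <content-type> <status>
# Host names are assumptions for the illustration.
SAMPLE_LOG = """\
2012-09-14T10:02:11 10.0.0.7 GET http://news-example.test/article.html - text/html 200
2012-09-14T10:02:12 10.0.0.7 GET http://cdn-example.test/banner.png http://news-example.test/article.html image/png 200
2012-09-14T10:02:13 10.0.0.7 GET http://landing-example.test/index.php http://news-example.test/article.html text/html 200
2012-09-14T10:02:15 10.0.0.7 GET http://landing-example.test/loader.jar http://landing-example.test/index.php application/java-archive 200
2012-09-14T10:02:18 10.0.0.7 GET http://landing-example.test/get.php?id=1 - application/x-msdownload 200
2012-09-14T10:05:00 10.0.0.9 GET http://intranet.test/report.pdf http://intranet.test/ application/pdf 200
2012-09-14T10:45:00 10.0.0.9 GET http://download-example.test/setup.exe http://download-example.test/ application/x-msdownload 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) "
    r"(?P<referer>\S+) (?P<ctype>\S+) (?P<status>\d+)$"
)


def parse_log(text):
    """Parse the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines instead of failing
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"])
        e["referer"] = None if e["referer"] == "-" else e["referer"]
        e["status"] = int(e["status"])
        events.append(e)
    return events


def detect_drive_by(events, window_seconds=60):
    """Return one hit per (client, payload URL) where a plugin file was
    fetched and an executable followed within window_seconds."""
    by_client = defaultdict(list)
    for e in events:
        if e["status"] == 200:  # only successful fetches can infect
            by_client[e["client"]].append(e)

    hits, seen = [], set()
    for client, evs in by_client.items():
        evs.sort(key=lambda e: e["ts"])
        for i, plug in enumerate(evs):
            if plug["ctype"] not in PLUGIN_TYPES:
                continue
            for later in evs[i + 1:]:
                delta = (later["ts"] - plug["ts"]).total_seconds()
                if delta > window_seconds:
                    break  # events are sorted; nothing later can qualify
                if later["ctype"] in PAYLOAD_TYPES:
                    key = (client, later["url"])
                    if key not in seen:
                        seen.add(key)
                        hits.append({
                            "client": client,
                            "plugin": PLUGIN_TYPES[plug["ctype"]],
                            # page that served the exploit, if the browser
                            # sent a referer for the plugin file
                            "landing_page": plug["referer"],
                            "exploit_url": plug["url"],
                            "payload_url": later["url"],
                            "seconds": delta,
                        })
                    break
    return hits


if __name__ == "__main__":
    for h in detect_drive_by(parse_log(SAMPLE_LOG)):
        print(f"{h['client']}: {h['plugin']} file {h['exploit_url']} served by "
              f"{h['landing_page']}, then {h['payload_url']} after {h['seconds']:.0f}s")
```

The client that opens a PDF from the intranet and downloads an installer forty minutes later is not flagged, because the time window is what separates a kit from normal browsing: the payload arrives seconds after the exploit fires. The detector keys on client and time rather than on host or referer on purpose, since the executable is often served from a different host than the landing page and the plugin request frequently carries no referer at all. Widen `window_seconds` and that benign pair starts to match, which is the trade-off to tune against your own traffic.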

That is why it is always recommended to keep the system and all programs updated: the vulnerabilities these kits try to exploit are generally already known and patched by the vendors (in some cases years ago), so keeping everything up to date greatly reduces the chances of infection.

