Ransomware in the wild again

A new trend in hijacking PCs and holding their users to ransom has been identified by a US security company.

A form of malware employing pay-by-phone extortion has been identified as a new means for cyber criminals to literally hold users' PCs to ransom.

The new 'ransomware,' as it's being called, locks up a user's PC and demands $35 (17.67) to renew bogus "browser security and anti-adware software" licences before returning control back to the user, a US security research firm said earlier this week.

The backdoor Trojan, identified by Florida-based Sunbelt Software as "Delf.ctk" is typically installed through security exploits, giving an attacker unauthorised access to a PC and the means to remotely control it without the user's knowledge.

The resulting fake Microsoft alert screens which lock up the system direct users to the internet protocol (IP) address of a payment processor of pornographic websites, 'passwordtwoenter.com' and a number of other similar sites.

Sunbelt chief executive, Alex Eckleberry, said in a blog posting on Monday that "you're completely locked out of the system" after the Trojan is run and installed, and that the only way to regain control is to pay the fee being demanded via phone numbers it lists.

Both the telephone numbers and websites sharing the passwordtoenter.com IP address trace back to a Seychelles-based company called Global Voice. But the company has failed to respond to email enquiries about the reports.

"Apparently, this is a payment processor that's now being used for malware, whether they know it or not," added Eckleberry.

Although ransomware is not a completely new cybercrime tactic, the last outbreak was reported over six months ago, when the Trojan horse "Gpcoder," froze user access to PC files for a ransom of $300 (151.44) a time.

Featured Resources

Become a digital service provider

How to transform your business from network core to edge

Download now

Optimal business results with the cloud

Evaluating the best approaches to hybrid cloud adoption

Download now

Virtualisation that enables choices, not compromises

Harness the virtualisation technology that's right for your hybrid infrastructure

Download now

Email security threat report 2020

Four key trends from spear fishing to credentials theft

Download now

Recommended

How LogPoint uses MITRE ATT&CK
Whitepaper

How LogPoint uses MITRE ATT&CK

15 Jan 2021
Weekly threat roundup: Microsoft Defender, Adobe, Mimecast
vulnerability

Weekly threat roundup: Microsoft Defender, Adobe, Mimecast

14 Jan 2021
Mimecast admits hackers accessed users’ Microsoft accounts
Security

Mimecast admits hackers accessed users’ Microsoft accounts

13 Jan 2021
What is public key infrastructure (PKI)?
Security

What is public key infrastructure (PKI)?

12 Jan 2021

Most Popular

150,000 arrest records accidentally deleted from police database
data management

150,000 arrest records accidentally deleted from police database

15 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

12 Jan 2021