Ransomware is not new to the malware game but there is one especially dirty player that is surfacing more frequently. Damballa’s threat research team has seen infections related to the Kovter malware double over the past month – up from 7,000 infections to about 15,000 infections. As with many other varieties of Ransomware, the threat operator takes control of your computer and displays a message saying you broke the law. The ‘ransom’ is to pay a fine (typically around $300) to regain normal use of your computer. The warning states you will face severe fines and prison time if you don’t pay the fine before the deadline.
In the US, Kovter uses the prepaid card MoneyPak as the payment method of choice while Ukash and paysafecard are used for victims in other locations. These payment methods give attackers untraceable, readily accessible funds in electronic cash with no red tape.
It’s important to note that paying the ransom will not remove the malware from your system or restore your computer functionality in most cases.
We have a screen shot of the U.S. version of the Ransomware, courtesy of security researcher Kafeine’s Malware don’t need Coffee blog post.
Kovter primarily targets those who visit adult websites but anyone is fair game. Many Ransomware families capture and display system and user information to legitimize allegations of a ‘crime.’ Kovter takes this to an extreme. The malware scans your browser history searching for adult websites and associated cached content, which it presents on the splash screen while locking your computer as ‘evidence’.
If no adult website browsing history is found, the malware will manufacture ‘evidence’ by redirecting your browser to a randomized adult website where it logs the history and retrieves content to display. This horrendous malware family has even been known to retrieve and display child pornography content.
Like any good blackmailer, Kovter tries to shame its victims into silently paying the fine and keep their extortion attempts secret.
Don’t be a good victim. Use trusted sources and tools to remediate infections and report computer-related crime to your local, state, federal or other authorities. You can also file a complaint with the Internet Crime Complaint Center (IC3). This experienced team, which is a partnership between the FBI and the National White Collar Crime Center, can help determine which law enforcement agencies should be involved in these types of criminal investigations.