Researchers have discovered a new form of ransomware that scans computer users’ local files and social media accounts for evidence of child abuse and pirated material.
Once downloaded onto a computer, the Ransoc virus scans files, torrents and social media profiles for incriminating content, such as strings associated with child pornography. If it finds any suspicious material, the virus locks the device and creates a bespoke ransom note, demanding the immediate payment of a penalty to settle the matter out of court.
The note lists the potential fines and jail terms that could arise from being caught with this type of material on a computer, and tells victims that they have three hours to pay the fine or see any collected data made public during a court trial. Victims are told their money will be refunded provided they are not caught committing any similar offences within a 180-day period.
Security experts believe the virus is distributed via malvertising campaigns on adult websites, and seeks to infect Internet Explorer browsers on Windows and Safari on OS X. The ransom notes generated by the malware use personal information harvested from social media accounts to make them appear more plausible. Unusually for ransomware attacks, payment is demanded by credit card rather than in a cryptocurrency such as Bitcoin, which is much more difficult for police to trace.
Cybersecurity firm Proofpoint, which carried out a detailed examination of the virus, said: “By incorporating data from social media accounts and Skype profiles, Ransoc creates a coercive, socially-engineered ransom note to convince its targets that they are in danger of prosecution for their browsing habits and the contents of their hard drives.
“With bold approaches to collecting payments, the threat actors appear confident in their targeting, introducing new levels of sophistication to ransomware distribution and monetisation.”
In September, Europol’s Internet Organised Crime Threat Assessment 2016 report revealed that ransomware had become the most prevalent form of online theft, eclipsing traditional malware threats such as banking Trojans. As well as individual computer users, ransomware hackers are increasingly targeting private companies and public organisations, including the UK’s National Health Service.
Although law enforcement authorities advise against paying ransomware demands, many firms feel they have no choice but to do so when faced with the prospect of being locked out of their IT systems. A September 2016 survey of UK IT decision makers by Trend Micro found that 65% of respondents who had been targeted in ransomware attacks ended up meeting hackers’ demands. Despite this, Trend Micro noted that awareness of such attacks is increasing among business leaders, although only 18% of respondents perceived them as a threat to their operations.