Spoofed reported attack pages lead to ransomware

Spoofed reported attack pages have been the lure of choice of fake AV and ransomware peddlers for quite some time now, so it shouldn’t come as a surprise that a recent malicious campaign spotted by GFI researchers uses a variation of it, spurring users to install an “update” for Internet Explorer.

The offered update is, of course, fake, and the downloaded code actually locks the user out of his PC and plasters a huge warning across the user’s screen – complete with a “Police Line Do Not Cross” graphic – telling him that 19 “unlicensed software, movies and music” files have been found on his computer, along with “materials with p*rnographic content (including homosexual content p*rnography)”.

While threatening to send the “evidence” to the police, the scammers generously offer the user a way out:

It is highly unlikely that the phone call to one of the given numbers will cost only $0.7. Also, nobody guarantees that once you pay up, you’ll get back control of your computer.

Unfortunately, if your AV solution hasn’t detected the file as malware and the scheme failed to arouse suspicion in you at the very beginning, you are now stuck with an unresponsive computer.

There is some ransomware out there whose effect can be bypassed, although it’s difficult to tell if this one belongs to that group. Search the Internet – from another machine, obviously – for clues and possible solutions to this particular problem.

If you back up your data regularly, you have nothing to worry about – worst case scenario, you’ll have to reinstall your OS and restore your data.