Europeans targeted with new ransomware

In the last couple of years, malware that hijacks users’ machines and demands money to “unblock” them has become a frequently encountered threat.

Messages presented by this “ransomware” usually contain warnings that seem to come directly from law enforcement agencies and accuse the user of having downloaded pirated music tracks or movies.

The entity behind the warning and the language used in the message are usually well matched, but as Microsoft researchers have shown, that is not always the case.

In a very recent example, the ransomware authors put considerable effort into the HTML style sheets and content in order to trick users into believing that GEMA (a German music copyright organization) is the author of the warning, but they unexpectedly wrote it in English.

The malware detects the user’s IP address and host name, and tries to threaten them into paying 100 euros via Paysafecard, a popular European pre-paid electronic payment method. The message also helpfully notes where such a card can be bought.

Once the payment is effected and the password entered, the computer should ideally be “unlocked”, but that outcome is by no means certain.