New malware freezes computer until ransom is paid

Shawn Knight


The latest trend in malware doesn’t just flood your computer with annoying advertising or attempt to steal your banking information. Instead, it quite literally locks a system down and prevents the user from doing anything on it unless a ransom is paid.

The most recent “ransomware” was detected by abuse.ch and uses a drive-by exploit kit called “Blackhole.” This cheap malware can be purchased via underground forums and infects systems through one or more security vulnerabilities in a web browser or plug-in like Adobe Flash Player, Adobe Reader or Java.

Once infected, the target system becomes locked and users are presented with a bogus region-specific message about why the system is locked and how they can regain control. The ransomware is currently targeting systems in Austria, France, Germany, the Netherlands, Switzerland and the UK.


The UK variety tells the user that illegally downloaded music has been detected on their machine and attempts to incite fear by highlighting penalties that could result from such material. In this example, users are urged to use PaySafe to transfer £50 ($80) to unlock the computer.

Once complete, the system is “unlocked” and unsuspecting users are none the wiser. But in addition to the ransom, this kit installs another piece of malware called Aldi Bot that is used to steal login credentials as well as initiate DDoS attacks.

The malware author is suspected to be of Russian descent since all of the domain names point to a Russian web provider.

As always, the best defense against drive-by attacks is to keep your browser, plug-ins and anti-virus protection up to date.

Briefcase image from Shutterstock.


 
And the quickest and cleanest way to get rid of it is to simply start Windows in safe mode and do a quick system restore to any point before the malware hit.
 
This isn't really new. Normally they do this under the guise of anti-virus software.

I think if malware creators thought about the consumer more and less about the money they might end up making more money. Instead of just locking down the system they should start by complimenting the user for choosing their malware instead of the competitors' malware. Maybe they can make some user-targeted downloadable content. If the user likes music they can download some viruses that play music. Or if the user likes to shop online maybe the malware can show items the user can attempt to buy. I think I could make malware way better than how these other people are doing it. You just need a real business plan.
 
And the quickest and cleanest way to get rid of it is to simply start Windows in safe mode and do a quick system restore to any point before the malware hit.

Aren't malware or other nasties often not affected by system restore and still persistent when you roll back?

Might as well boot in safe mode and do a virus scan + mbam.
 
And the quickest and cleanest way to get rid of it is to simply start Windows in safe mode and do a quick system restore to any point before the malware hit.

I think this causes safe mode to blue screen, so a live CD or Windows Vista/7 install DVD is needed to sort this.
 
Cases like this are why I have my system booting to ISO images. One ISO image is Seagate DiscWizard, where I can do a complete system recovery.
 
If I ever got this I would just format and reinstall; my My Documents and Program Files folders are on a different drive anyway. I have nothing I made on my C drive, so a simple reinstall will fix it, or I can use one of my drive image backups I make every week and go back to before the virus. Simple to fix really.
 
If I ever got this I would just format and reinstall; my My Documents and Program Files folders are on a different drive anyway. I have nothing I made on my C drive, so a simple reinstall will fix it, or I can use one of my drive image backups I make every week and go back to before the virus. Simple to fix really.

And why wouldn't the malware just to your other drives in the same system?

This would only really hurt a noob.

I have image backups of my rig; I don't use system restore.

I would be back up and running in about 15 mins.
 
How does it freeze your computer? Does it boot up like this web page? Or when you load your internet, does it say you have to pay before you can do anything?

Even if this happens to my computer, I will get it out. I mean, this is easy! I can just boot up in safe mode and remove the virus from there!
 
Well, everyone posting here is pretty tech-savvy. Unfortunately, this could nail quite a few people who aren't quite as up on handling something like this. Especially elderly folks who don't do much more than check e-mails and look up pictures of their grandkids on some hosted site.

It would be nice if Interpol or some other multinational agency could track down and nail the scumbags who are doing this. Unfortunately, Russia has provided zero cooperation in stopping this type of hacking although there is proof all over the place that's where it's coming from. Same thing with China.
 
If I ever got this I would just format and reinstall; my My Documents and Program Files folders are on a different drive anyway. I have nothing I made on my C drive, so a simple reinstall will fix it, or I can use one of my drive image backups I make every week and go back to before the virus. Simple to fix really.

I too keep Documents, Music, Pictures, Movies, and Program Files on a different drive from my Windows install. But having Program Files on another drive isn't going to help you any. If you have to wipe your "C" drive, all those Program Files are now worthless. They have important parts tied into the registry, which is now gone. Now, if you are going to restore your C from a regular backup, that is fine then and it will work. Just pointing out that if you really were going to just reinstall Windows from scratch, your Program Files aren't safe that way.

I just keep Program Files on a different drive because of habit, back in the 9x and early XP days I'd frequently reinstall the OS, and having my Program Files folder still there just was a convenient list to show me what I had installed. If I didn't want a program anymore (after reinstalling Windows) I'd just delete that directory.
 
Stories like this always make me misty and nostalgic for the "good old days", of IE-6, and "Spyware Sheriff"......;)

Besides, if you're stupid enough to leave illegally downloaded music on the computer you downloaded it with, you pretty much have this coming, don't you?
 
Well, everyone posting here is pretty tech-savvy. Unfortunately, this could nail quite a few people who aren't quite as up on handling something like this. Especially elderly folks who don't do much more than check e-mails and look up pictures of their grandkids on some hosted site.

I refuse to have sympathy for people who do not know how to use a computer properly. Call me arrogant, but you need a licence to drive a car or own a weapon (in any decent country) and I am of the opinion that if you want to use a computer then you should have the same level of basic understanding. Since there is no test you have to do to qualify for a machine, I see things like this as those tests - adapt or die!


{sigh}...
 
I refuse to have sympathy for people who do not know how to use a computer properly. Call me arrogant, but you need a licence to drive a car or own a weapon (in any decent country) and I am of the opinion that if you want to use a computer then you should have the same level of basic understanding. Since there is no test you have to do to qualify for a machine, I see things like this as those tests - adapt or die!


{sigh}...

Plenty of people have a driver's license and can't drive properly, so I'm not sure of the point you are trying to make.
 
And the quickest and cleanest way to get rid of it is to simply start Windows in safe mode and do a quick system restore to any point before the malware hit.

Aren't malware or other nasties often not affected by system restore and still persistent when you roll back?

Might as well boot in safe mode and do a virus scan + mbam.
Yes I'd think smart malware would be designed to handle safe mode and system restore. Full admin access allows a whole world of holes to exploit!
 
I live in Wales, UK. I had this lock on my laptop about 2 months ago. I've tried to remove it by antivirus in safe mode but nothing happens. Until I'm not going online everything was fine; after, when I'm connected to my router and trying to put a web address in my browser, the lock appeared again. I had to pay £100 to unlock my system. It was so believable, but fortunately I formatted my C and everything was sorted out.
 
This type of malware stops the explorer.exe shell process from starting, which is what gives you your desktop in Windows; it's usually fairly easy to remove. However, more advanced ones will install a rootkit to enable re-installation and other nefarious schemes.

The easiest way to remove it, other than formatting the drive, is to slave the drive to another computer and run the various malware scanners; most AVs don't detect these. Also run a rootkit scanner, as they're invariably installed.

As to how you get them? Mostly by visiting compromised websites and drive-by attacks, from what I've seen. The problem is you often don't realise you're on a compromised site these days, as it could be any website that uses a CMS system.
 
If I ever got this I would just format and reinstall; my My Documents and Program Files folders are on a different drive anyway. I have nothing I made on my C drive, so a simple reinstall will fix it, or I can use one of my drive image backups I make every week and go back to before the virus. Simple to fix really.

I too keep Documents, Music, Pictures, Movies, and Program Files on a different drive from my Windows install. But having Program Files on another drive isn't going to help you any. If you have to wipe your "C" drive, all those Program Files are now worthless. They have important parts tied into the registry, which is now gone. Now, if you are going to restore your C from a regular backup, that is fine then and it will work. Just pointing out that if you really were going to just reinstall Windows from scratch, your Program Files aren't safe that way.

I just keep Program Files on a different drive because of habit, back in the 9x and early XP days I'd frequently reinstall the OS, and having my Program Files folder still there just was a convenient list to show me what I had installed. If I didn't want a program anymore (after reinstalling Windows) I'd just delete that directory.
Actually it makes reinstalling much faster; the installers tend to leave alone files that match what they were going to install. I have done this already and the reinstall took MUCH less time with Program Files on another drive.
 
Actually it makes reinstalling much faster; the installers tend to leave alone files that match what they were going to install. I have done this already and the reinstall took MUCH less time with Program Files on another drive.
Hit enter too fast :p My primary reason for having Program Files on a second drive is because my boot drive is a 60GB SSD and I tend to have big programs and games installed; the faster reinstall and no loss of preferences and custom files are just a bonus. I only have certain important programs actually on my SSD; the rest go to my secondary HDD.
 