Ireland’s national police service, the Garda, has advised citizens not to pay a fee demanded by police-badged ransomware that has been localised to dupe Irish targets.
Irish citizens are the latest to be hit by police-themed ransomware that typically demands payment from victims to unlock their files. Irish victims, whose PCs are actually infected with malware, are told that the Garda's “automated information control system (AICS)” has detected that the victim has visited an illicit page.
The Garda explained how the ransomware is tailored:
“When the user is infected, the malicious software contacts a C&C (Command and Control) server that detects the country it’s coming from. It downloads a localised graphic with the appropriate language and the police logo and hijacks the user’s screen so that they can’t do anything "until the fine has been paid".”
Victims' PCs are infected after they visit a compromised, booby-trapped website that typically exploits flaws in widely used software.
Like UK police ransomware victims, Irish victims are encouraged to pay a €100 fee to release the files by using vouchers from UK payments company UKash.
The Garda's alert comes weeks after London’s Metropolitan Police Service reported that 36 people had paid a £100 fee to unlock their computers after being infected by police-themed ransomware. The UK scam also asks for payment via UKash vouchers.
The FBI also issued a similar warning to US citizens this August, labelling the threat “Reveton”, which was also being bundled with the Citadel malware. According to t, the target’s IP address informs the malware which payment service to offer. In the US, it asks for payment by MoneyPak.
According to the Garda, Italy recently reported that police-themed ransomware had claimed 4,000 victims. Other European nations hit include Germany, Spain, France, Italy, Great Britain, Belgium, Czech Republic, Luxembourg, Estonia, Netherlands, Portugal and Austria.
The conversion rate for police-themed malware in Europe is about 3 per cent, according to research published by Krebsonsecurity.com.
There have been no reports of Australian police-themed ransomware yet.