Police ransomware arrives in Ireland

Crypto-cop ransom ruse expanding terrain.
  • Liam Tung (CSO Online (Australia))
  • — 10 September, 2012 09:40

Ireland’s national police service, the Garda, has advised citizens not to pay a fee demanded by police-badged ransomware that has been localised to dupe Irish targets.

Irish citizens are the latest to be hit by police-themed ransomware that typically demands payment from victims to unlock their files. Irish victims, whose PCs are actually infected with malware, are told that the Garda's “automated information control system (AICS)” has detected the victim has visited an illicit page.

Garda explained how the ransomware is tailored:

“When the user is infected, the malicious software contacts a C&C (Command and Control) server that detects the country it’s coming from. It downloads a localised graphic with the appropriate language and the police logo and hijacks the user’s screen so that they can’t do anything "until the fine has been paid".”

Victims' PCs are infected after they visit a compromised, booby-trapped website that typically exploits flaws in widely used software.

Like UK police ransomware victims, Irish victims are encouraged to pay a €100 fee to release the files by using vouchers from UK payments company UKash.

The Garda's alert comes weeks after London’s Metropolitan Police Service reported that 36 people had paid a £100 fee to unlock their computers after being infected by police-themed ransomware. The UK scam also asks for payment via UKash vouchers.

The FBI also issued a similar warning to US citizens this August, labelling the threat “Reveton”, which was also being bundled with the Citadel malware. According to t, the target’s IP address informs the malware which payment service to offer. There it asks for payment by MoneyPak.

According to the Garda, Italy recently reported police-themed ransomware had taken 4,000 victims. Other European nations hit include Germany, Spain, France, Italy, Great Britain, Belgium, Czech Republic, Luxembourg, Estonia, Netherlands, Portugal and Austria.

The conversion rate for police-themed malware in Europe is about 3 per cent, according to research published by Krebsonsecurity.com.

There have been no reports of Australian police-themed ransomware yet.
