Corporate Partners

Three police ransomware fraud suspects arrested

Three fraudsters suspected of running a police ransomware fraud scheme in the UK have been arrested by London’s Metropolitan Police’s e-Crime’s unit.

Police arrested a 34-year old man, a 30-year old woman and a 26-year old man from Stoke on Trent after searching three addresses on Tuesday. All three are being held in custody on suspicious of conspiracy to defraud.

Over the past year London’s Met has warned citizens several times not to pay fines demanded by police ransomware. Victims' screens are usually become frozen on a page containing police badging and a warning that local law enforcement has detected illegal computer activity, ranging from piracy to child pornography.

The scam asks victims to pay a fee of around $100 to $200 to unlock their computers.

The ransomware used in these campaigns is different to the recent spate of targeted attacks on Australian small businesses. In those cases, the attackers used asymmetric encryption before demanding several thousand dollar payments, whereas ransomware variants used in police themed attacks typically only lock a screen.

Symantec has a detailed description of the ransomware spectrum here while Botnets.fr has kept an archive of all the police-themed ransomware lock pages here.

The Met’s previously published figures on ransomware victims in the UK suggest fraudsters convert about 3 per cent of infections into actual payment.

Exactly what impact the arrests have on the ransomware problem in the UK remain to be seen.

One reason why ransomware has become popular is that different “locker kits” are available for sale for a few hundred dollars.

The Malware Don’t need Coffee site, run by malware research kafiene, recently reported the “Multi locker” variant was available on a Russian forum for $899. The package included training, online support, constantly refreshed page locks, and a “comfortable” admin panel.

A new design for ransomware targeting US computer users that kafiene has discovered purports to be from the Justice Department. Instead of the $200 fraudulent fine, criminals now demand $300 and include an actual image of child pornography on the lock screen.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the CSO newsletter!

Error: Please check your email address.

Tags ransomware

Market Place