Three police ransomware fraud suspects arrested

Three people suspected of running a police ransomware fraud scheme in the UK have been arrested by the e-Crime unit of London’s Metropolitan Police.

Police arrested a 34-year-old man, a 30-year-old woman and a 26-year-old man from Stoke on Trent after searching three addresses on Tuesday. All three are being held in custody on suspicion of conspiracy to defraud.

Over the past year London’s Met has warned citizens several times not to pay fines demanded by police ransomware. Victims' screens usually become frozen on a page containing police badging and a warning that local law enforcement has detected illegal computer activity, ranging from piracy to child pornography.

The scam asks victims to pay a fee of around $100 to $200 to unlock their computers.

The ransomware used in these campaigns is different to that used in the recent spate of targeted attacks on Australian small businesses. In those cases, the attackers used asymmetric encryption before demanding payments of several thousand dollars, whereas ransomware variants used in police-themed attacks typically only lock the screen.

Symantec has a detailed description of the ransomware spectrum here while has kept an archive of all the police-themed ransomware lock pages here.

The Met’s previously published figures on ransomware victims in the UK suggest fraudsters convert about 3 per cent of infections into actual payment.

Exactly what impact the arrests have on the ransomware problem in the UK remains to be seen.

One reason why ransomware has become popular is that different “locker kits” are available for sale for a few hundred dollars.

The Malware Don’t Need Coffee site, run by malware researcher Kafeine, recently reported the “Multi locker” variant was available on a Russian forum for $899. The package included training, online support, constantly refreshed page locks, and a “comfortable” admin panel.

Kafeine has also discovered a new ransomware design targeting US computer users that purports to be from the Justice Department. Instead of the $200 fraudulent fine, criminals now demand $300 and include an actual image of child pornography on the lock screen.
