New malware strain locks up computers unless ransom is paid

A type of “ransomware” hitting users across Europe demands payment for alleged copyright violations, according to a Swiss security blog. It locks people out of their computers unless they pay the right amount of money.

c|net reports that the malware was spotted by security blog abuse.ch, and taps into an exploit kit known as “Blackhole.” Sold underground, Blackhole is used by criminals to infect computers through security holes in the browser or third-party plug-ins, such as Java and Adobe Reader.

If the version of Java, for example, is not up to date with the latest patches, the downloaded file will exploit the software’s weakness by downloading the Trojan to the PC and then running it. Once the PC is infected, the user will receive a message on the screen saying that the computer has been locked for illegally downloading pirated music.

The message aimed at those in the U.K. further says that “to unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of 50 pounds,” around $80. The directions instruct the user to submit payment using an online payment system called Paysafecard. The message itself tries to look official with a logo of the Metropolitan Police at the top.

The malware has so far been targeting users in the U.K., Germany, France, Switzerland, Austria, and the Netherlands. The criminal behind this campaign appears to speak German, according to abuse.ch, since the local URLs used in this scam are all in German.

But the messages are, of course, written in the native language of the intended victims in each country, even going so far as to tell them where and how to obtain Paysafecard locally. The ransomware carries a further payload in the form of a Trojan called Aldi Bot, which steals banking information, abuse.ch added.