A new ransomware infection scares its victims by invoking the names of the Department of Homeland Security and the National Cyber Security Division - and frightens them further by showing a webcam picture of the victim in a pop-up window as it demands money.
The warning was issued by the United States Computer Emergency Readiness Team. The malware has been detected in the wild, US-CERT says, and users report a message claiming that use of their computer has been suspended and that they must pay a fine to unblock it.
One version of the malware also takes a webcam picture of the victim and posts that image in a pop-up “to add to the appearance of legitimacy,” US-CERT says.
“The ransomware falsely claims to be from the U.S. Department of Homeland Security and the National Cyber Security Division,” US-CERT says. “Users who are infected with the malware should consult with a reputable security expert to assist in removing the malware, or perform a clean reinstallation of their OS after formatting their computer's hard drive.”
US-CERT advises affected users to report the incident to the FBI at the Internet Crime Complaint Center (IC3).
Earlier this summer, a similar “ransomware” attack was discovered in Europe, which attempted to scare victims into paying up by using the name of Britain’s SOCA crime unit - the Serious Organized Crime Agency - an organization dealing with drugs, people smuggling, human trafficking, major gun crime, fraud and computer crime.
The scam is currently a common one. Several WeLiveSecurity stories relating to recent “ransomware” can be found here. An in-depth analysis of a malware campaign - the Home Campaign - which infects users with ransomware can be found here.
ESET Security Evangelist Stephen Cobb explains how this sort of malware works in a detailed blog post here.
Author: Rob Waugh, WeLiveSecurity