In the last months we have seen an increase of ransomware attacks. While the first ones we saw were posing as Microsoft to threaten the user because it had been detected a pirated version of Windows, and in case you didn’t pay the fine they would contact the local law enforcement agencies, the new ones are posing as the very same law enforcement agencies.
While we are use to see this kind of fake messages in English, in this case the attacks are localized, we have seen English, German, Spanish or Dutch language (among others), depending on the targeted country. All of the attacks are targeting some European country, so it looks like that all of them are related and the same cibercriminal gang could be behind them.
The last one has appeared a couple of days ago, this time it is targeting Spain. The file is using as icon the following Internet meme:
Once infected, this is what you will see in your desktop:
In the message it says that it has been detected access to illegal material (such as child pornography and spam about terrorism) from that computer, and that the computer will be locked to prevent such a use. To solve that you have to pay a fine of €100:
The worst thing for the user is that it actually blocks the computer, so it is not easy to remove. To do it, restart the computer in safe mode and run a scan with an antivirus solution that is able to detect it.
These are different examples we have seen in the last months:
We have this in canada now posing as “Canada Security Intelligence Service”