,
Donald DeBolt, director of threat research, Total Defense
April 02, 2012
Threat of the month

Threat of the month: Ukash ransomware

What is it?
What makes this threat unique is the effective use of localization and the impersonation of a law enforcement body. It highjacks the computer and holds it hostage for payment.

How does it work?
The malware is a PE file distributed via email or downloaded by other malware. It replaces the Explorer.exe file on the system and blocks GUI access to the file system and taskbar. A graphic is presented claiming the computer has been used to commit an act of terrorism. A demand for payment is levied in the form of a fine.

Should I be worried?
This attack vector is working throughout Europe. The bug removes the original Explorer.exe file, but doesn't target data. Recovery is possible by restoring the original Explorer.exe file via the command line and deleting the malware executable.

How can I prevent it?
Awareness goes a long way. Plus, performing regular backups will limit the impact if data is targeted.
From the April 2012 Issue of SCMagazine »
Related Articles
Related Topics
close

Next Article in Research

Sign up for our newsletters

POLL

More in Research

Mobile security

Mobile security

BYOD has enhanced productivity, but increased security concerns.

Virtualization

Virtualization

Although the promise of reduced costs has appealed to many enterprises looking to migrate legacy network systems to virtualization, security experts warn that the move must not trump careful contemplation ...

Application security

Application security

The threats to applications are evolving beyond the simple notion of "find exploit, access system, steal current data."