Researchers said they have detected infections on machines in the United States, Canada and the U.K. And now, other countries are experiencing attacks. F-Secure traced the attacks to a server in St. Petersburg, Russia.
If users surf to a compromised site foisting the scam or click on a malicious ad, their screen becomes locked, and a message is displayed. The messages are customized to appear like they come from federal authorities in the victim’s home country or region, including the European Cybercrime Centre and the Royal Canadian Mounted Police.
Users are told they have violated the law because either they have committed copyright infringement, viewed or distributed child pornography, or unknowingly allowed their computer to be accessed to install malware. They are further advised that to unlock their computer and avoid prosecution, they must pay a fine of, in one case, 200 pounds, or $310, through an online payment site.
“This ransomware is very simple, and just uses the browser to display a lock screen demanding the victim to pay a fake fine and plays tricks to prevent closing the browser tab,” F-Secure Labs wrote in a blog post.
Ransomware scams are prevalent. The FBI has estimated criminals profit roughly $150 million annually through the ruses.
Victims are advised to keep their anti-virus technology up to date and to never pay the miscreants behind the scams. Removing ransomware is usually possible with the help of a security solution, but oftentimes the process can be complicated and may require restoration of one’s operating system, which could result in the loss of documents or applications.