
Before shutdown, ransomware op spreading “Icepol” caused 42,000 U.S. infections


A security firm and Romanian police teamed up to analyze the damage pulled off by a ransomware operation targeting the U.S. and other countries.

According to Bitdefender Labs, the malware, dubbed "Icepol," was installed approximately 42,400 times in the U.S. over a five-month period last year.

Bitdefender and Romanian national police released the information on Wednesday via an email to The findings on the infections, which occurred from May 1 to Sept. 26, 2013, were revealed after law enforcement seized servers operated by the group in Bucharest.

Icepol locked down victims' computers and tricked them into believing they needed to pay a ransom to “police” to regain access to their machines, after supposedly pirating software or viewing pornographic content.

As part of another money-making scheme, saboteurs behind the campaign also designed the malware so that victims were redirected to websites via a pay-per-click scam.

Icepol predominantly impacted users in the U.S., but also targeted a significant number of individuals in Germany and Italy, where tricksters successfully carried out around 31,700 and 24,800 installs, respectively, Bitdefender revealed.

The firm and police estimate that more than $32,000 was stolen from U.S. victims over the five-month period.

“The Icepol trojan extorted victims who downloaded it by sending them a message in any one of 25 languages purporting to be from police accusing them of downloading copyrighted material or illegal porn,” a research document provided by Bitdefender said.

Last November, Bitdefender Labs also revealed that another nasty piece of ransomware, called CryptoLocker, had been successfully installed on more than 12,000 victims' machines, primarily in the U.S., in less than a week.

CryptoLocker tricked users into paying a ransom via MoneyPak or Bitcoin, so that files encrypted by the malware could be unlocked.
