Threat of the month: Ukash ransomware
What makes this threat unique is the effective use of localization and the impersonation of a law enforcement body. It highjacks the computer and holds it hostage for payment.
How does it work?
The malware is a PE file distributed via email or downloaded by other malware. It replaces the Explorer.exe file on the system and blocks GUI access to the file system and taskbar. A graphic is presented claiming the computer has been used to commit an act of terrorism. A demand for payment is levied in the form of a fine.
Should I be worried?
This attack vector is working throughout Europe. The bug removes the original Explorer.exe file, but doesn't target data. Recovery is possible by restoring the original Explorer.exe file via the command line and deleting the malware executable.
How can I prevent it?
Awareness goes a long way. Plus, performing regular backups will limit the impact if data is targeted.
From the - April 2012 Issue of SCMagazine »