Multi-Language Ransomware Mentions Police to Enforce Payment
Grab the free removal tool and put your machine back on track in no time
When it comes to innovation, cyber-criminals have no borders, or that’s what we believe after analyzing this piece of multi-language malware detected as Trojan.Ransom.IcePol.The ransomware adds itself to the Startup Registry key in order to ensure persistence after every reboot. As soon as the computer starts, the screen gets locked and displays a message in the user’s language, if the user is located in a country that speaks one of 25 languages. The message states that the computer got locked as suspicious activity (download of copyrighted material or of “illegal pornography”) was detected. Of course, the system can be unlocked by paying a ransom, euphemistically described as “fine”.
In order to block access to the system, the Trojan Adds itself to the Winlogon\Shell registry key in the Current User branch and denies access to Windows Explorer for the current user. This way, the user is locked on the outside, with no chance to run an antivirus solution or a removal tool.
If you have become infected with this ransomware Trojan, use a working computer to download the Bitdefender removal tool.
- Copy it on a flash drive then boot the affected computer in Safe Mode with Command Prompt and log into the account of the affected user. This is extremely important as your desktop is – most likely – locked by the malware.
- Use the command prompt to launch the removal tool from the removable medium and run it. The scanning process is extremely targeted to the specific areas of the system which are affected by this particular e-threat, so the whole process should only take between five and ten seconds.
- Reboot the computer and start it normally. Your desktop should now be unlocked.
Removal tool courtesy of the Bitdefender malware cleanup team
UPDATE: New article details spread of infection, here.
LuminousMoth – PlugX, File Exfiltration and Persistence Revisited
July 21, 2021
How We Tracked a Threat Group Running an Active Cryptojacking Campaign
July 14, 2021
A Note from the Bitdefender Labs Team on Ransomware and Decryptors
May 26, 2021
New Nebulae Backdoor Linked with the NAIKON Group
April 28, 2021
Good riddance, GandCrab! We’re still fixing the mess you left behind.
June 17, 2019