2 min read

Multi-Language Ransomware Mentions Police to Enforce Payment

Bogdan BOTEZATU

November 13, 2012

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Multi-Language Ransomware Mentions Police to Enforce Payment

Grab the free removal tool and put your machine back on track in no time

When it comes to innovation, cyber-criminals have no borders, or that’s what we believe after analyzing this piece of multi-language malware detected as Trojan.Ransom.IcePol.The ransomware adds itself to the Startup Registry key in order to ensure persistence after every reboot. As soon as the computer starts, the screen gets locked and displays a message in the user’s language, if the user is located in a country that speaks one of 25 languages. The message states that the computer got locked as suspicious activity (download of copyrighted material or of “illegal pornography”) was detected. Of course, the system can be unlocked by paying a ransom, euphemistically described as “fine”.

 

 

In order to block access to the system, the Trojan Adds itself to the Winlogon\Shell registry key in the Current User branch and denies access to Windows Explorer for the current user. This way, the user is locked on the outside, with no chance to run an antivirus solution or a removal tool.

If you have become infected with this ransomware Trojan, use a working computer to download the Bitdefender removal tool.

  • Copy it on a flash drive then boot the affected computer in Safe Mode with Command Prompt and log into the account of the affected user. This is extremely important as your desktop is – most likely – locked by the malware.
  • Use the command prompt to launch the removal tool from the removable medium and run it. The scanning process is extremely targeted to the specific areas of the system which are affected by this particular e-threat, so the whole process should only take between five and ten seconds.
  • Reboot the computer and start it normally. Your desktop should now be unlocked.

Removal tool courtesy of the Bitdefender malware cleanup team

UPDATE: New article details spread of infection, here.

tags


Author



Right now

Top posts

Vulnerabilities Identified in Wyze Cam IoT Device

Vulnerabilities Identified in Wyze Cam IoT Device

March 29, 2022

1 min read
New FluBot and TeaBot Global Malware Campaigns Discovered

New FluBot and TeaBot Global Malware Campaigns Discovered

January 26, 2022

10 min read
Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

December 10, 2021

2 min read
Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand

Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand

November 08, 2021

2 min read
Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware

Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware

September 16, 2021

2 min read
LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

July 21, 2021

9 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

New FluBot Campaign Sweeps through Europe Targeting Android and iOS Users Alike New FluBot Campaign Sweeps through Europe Targeting Android and iOS Users Alike
Filip TRUȚĂRăzvan GOSAAdrian Mihai GOZOB
4 min read
New FluBot and TeaBot Global Malware Campaigns Discovered New FluBot and TeaBot Global Malware Campaigns Discovered
Bitdefender

January 26, 2022

10 min read
Poking Holes in Crypto-Wallets: A Short Analysis of BHUNT Stealer Poking Holes in Crypto-Wallets: A Short Analysis of BHUNT Stealer
Bitdefender

January 19, 2022

2 min read