Ransomware has become a popular way for the bad guys to extort money from users. It is usually installed by drive-by exploit kits such as Blackhole and Cool. After a user is infected, his machine is made inoperative and he will see a warning screen that claims child porn, copyright material, unlicensed software and malware have been found on his computer. The ransomware page says the machine will only be unlocked when the victim pays a fine. Paying the fine does not result in the extortionists unlocking victims’ PCs.
This weekend we started seeing for the first time pornographic images included in the warning pages, obviously to increase the fright factor of the scam. The ransomware page states that the image (removed below) is someone named Sherry Paris whose date of birth is reported to be 05-26-1998 — which would make her 14 years old. On this page, the fine has increased from the $200 we’ve seen on such pages during the last year, to $300.
The Web Threats researchers also found three other new ransomware pages used by the Blackhole and Cool exploit kit operators. Like all previous designs, they demand a fine of $200, payable by the untraceable MoneyPak payment system.
– AVG Web Threats Research group