Author of Three Critical Ransomware Families Arrested in Poland

Tomasz T., a well-known cybercriminal believed to be the author of the Polski, Vortex, and Flotera ransomware strains, was arrested in Poland on Wednesday; Polish law enforcement announced the arrest on Friday.

They had been tracking him for quite some time and were this time ready to go ahead with the arrest. Tomasz T., a.k.a. Thomas or Armaged0n, a Polish citizen living permanently in Belgium, is responsible for cybercrimes including DDoS attacks, distributing malicious software to compromise computers, and using ransomware to encrypt their files.

Working through Europol, the Polish police alerted their Belgian counterparts, who searched his house and seized computer equipment, a laptop and remote servers, including encryption keys.

“Apparently, the suspect has been active since 2013, when he first started targeting users via a banking trojan that would replace bank account numbers in users' clipboards with one of his own, so as to receive undeserved bank transfers,” according to the prosecutors.

He spread the ransomware by email, impersonating official correspondence from well-known companies such as DHL, Zara, Cinema City, PAY U, WizzAir and many more. Online, Tomasz operated under the alias "Armaged0n," which he also used on the infamous Hack Forums cybercrime portal.

The Polish tech news site Zaufana Trzecia Strona (ZTS) was the first to link the three ransomware strains to the Armaged0n persona, and later tracked down an extensive spear-phishing email operation.

Armaged0n Hack forum profile

The police suspect that Tomasz infected thousands of users with ransomware and made over $145,000 from his criminal undertakings. ZTS, CERT Poland, security analysts, police, and the impersonated companies all worked together to track him down.

The Polish cybercriminal faces various charges, including receiving and transferring the proceeds of crime, infecting computer systems with malware such as the Polish Ransomware, Vortex or Flotera, and interfering with automatic data processing for financial gain. The decryption keys for all of these ransomware families have also been recovered from his systems.

Questioned by the prosecutor, the suspect admitted to the 181 crimes he was charged with.

After completing the procedural steps, the prosecutor filed a motion for three months of pre-trial detention.


Password Theft Becomes The New Goal For Hackers

A month ago Barracuda Networks issued a "critical alert" after detecting an attack that attempted to steal users' passwords. The campaign baits victims with Microsoft Office 365 files claiming to be tax documents or other official reports; the attackers use urgent language to persuade people to open the attachment.

Files named "taxletter.doc" and phrases like "We are apprising you upon the arisen tax arrears in the number of 2300CAD" are typical of the strategy the attackers use. Users who download and open the malicious document are hit with the password stealer: when the document opens, a macro inside it launches PowerShell, which runs in the background while the victim views the document.
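The parent-child relationship described above (an Office application launching PowerShell with its window hidden) is exactly what endpoint telemetry makes visible. The following detection logic is an added example, not code from the article or from Barracuda: it scores process-creation events laid out like Sysmon Event ID 1 records (ParentImage, Image, CommandLine, User), and the three events, including the base64 placeholder after -enc, are constructed. A hidden, encoded PowerShell launch from any parent also reaches the alert threshold, by design.

```python
"""Detect an Office document spawning a script host such as PowerShell.

Added example, not code from the article or from Barracuda. It scores
process-creation events in the field layout Sysmon Event ID 1 uses
(ParentImage, Image, CommandLine, User); the events below are constructed.
"""
import re
from dataclasses import dataclass

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}
# Switches that hide the console window or obscure the command being run.
SUSPICIOUS_SWITCHES = re.compile(
    r"(?i)(-w(?:indowstyle)?\s+hidden|-enc(?:odedcommand)?\b|-nop(?:rofile)?\b"
    r"|downloadstring|\biex\b)")


@dataclass
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str
    user: str


def basename(path: str) -> str:
    """Last path component, lower-cased, for either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(ev: ProcessEvent):
    """Return (score, reasons): 2 points for Office -> script host,
    1 more for each suspicious switch on the child's command line."""
    score, reasons = 0, []
    if basename(ev.parent_image) in OFFICE_APPS and basename(ev.image) in SCRIPT_HOSTS:
        score += 2
        reasons.append(f"{basename(ev.parent_image)} spawned {basename(ev.image)}")
    for m in SUSPICIOUS_SWITCHES.finditer(ev.command_line):
        score += 1
        reasons.append(f"suspicious switch: {m.group(0)}")
    return score, reasons


def detect(events):
    """Alert on every event whose score reaches 2."""
    alerts = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= 2:
            alerts.append({"user": ev.user, "child": basename(ev.image),
                           "score": score, "reasons": reasons})
    return alerts


# Constructed telemetry: the fake tax letter's macro, an admin's script, Word printing.
# The base64 after -enc is a placeholder (UTF-16 "AAAA"), not a real payload.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe -w hidden -nop -enc QQBBAEEAQQA=", "alice"),
    ProcessEvent(r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"powershell.exe -File C:\scripts\backup.ps1", "bob"),
    ProcessEvent(r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 r"C:\Windows\splwow64.exe", "splwow64.exe 12288", "alice"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Only the first event fires: Word spawning PowerShell scores 2, and the hidden window, -nop and -enc switches add one point each. The admin's -File script from explorer.exe and Word's print helper score 0.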

Fleming Shi, senior vice president of technology at Barracuda, compares this threat with phishing attacks of the past: "Today's documents are far more active … you're putting in a lot of content, media, links," adding that "Bad guys are leveraging the dynamic, active manner of the documents today to weaponize their files."

Millions of individuals are known to have been affected by these phishing emails, as the attackers dodge detection by creating many different emails. While Exchange Server accounts make up a large share of those affected, other kinds of email accounts are also targeted with the malicious documents.

Password theft is expanding in general, a sign of attackers shifting their objectives and procedures, Shi explains. Ransomware was huge a year ago; this year, password stealers are showing up in phishing emails, browser extensions, and other programs as criminals chase login information.

The real reason usernames and passwords are being targeted is that they can grant access to the many systems and applications a given user is attached to and operates on a regular schedule.

"Some attackers try to be like a sleeper cell on your system," Shi notes. The subtle signs that gradually tell users their system has been compromised and that they have lost control over their applications are the usual slowing down of the system and a sudden upsurge in pop-ups.

A month ago, the IRS Online Fraud Detection & Prevention Centre (OFDP) reported a rise in compromised emails at the beginning of January 2017, and IRS officials are also advising caution amid an increase in tax-related phishing emails.

Right now the cybercriminals are going for mass information theft, and tax season is a timely opportunity for attackers to exploit users' anxiety and make their campaigns more effective. It is therefore wise to be careful and watchful when opening any business-related or official-looking document received by email or any other online medium; in this area, it is better to be as careful as possible.

Advancing Ransomware Attacks and Creation of New Cyber Security Strategies

As ransomware is on the rise, organisations are focusing too much on anti-virus software rather than proactively forming strategies to deal with cyber-attacks, which pose an ongoing threat to users. One good piece of advice is to create air-gaps, which make it much easier to store and protect critical data, and even allow data to be kept offline. When a ransomware attack occurs, it should then be possible to restore your data without much downtime – if any at all.

But organisations more often than not find themselves taking one step forward and then one step back. Ransomware has traditionally focused on backup programs and their associated storage, and it remains keen on targeting storage subsystems, which has spurred organisations into having robust backup procedures in place to counter an attack that gets through.

So, for organisations to be proactive, it is recommended that they adopt ways of protecting data that allow it to be readily recovered whenever a ransomware attack, or some other cyber security issue, threatens to disrupt day-to-day business operations.

Clive Longbottom, client services director at analyst firm Quocirca explains: “If your backup software can see the back-up, so can the ransomware. Therefore, it is a waste of time arguing about on-site v off-site – it comes down to how well air locked the source and target data locations are.”

However, defending against any cyber-attack requires several layers of defence, which may include a firewall, anti-virus software and backups. The last layer of defence must be the most robust of them all, to stop potentially costly disruption in its tracks before it is too late. So anti-virus software must still play a key defensive role.

A ransomware attack is pretty brutal, warns Longbottom: “It requires a lot of CPU and disk activity. It should be possible for a system to pick up this type of activity and either block it completely, throttle it, or prevent it from accessing any storage system other than ones that are directly connected physically to the system.”
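Longbottom's three responses (block, throttle, or fence off storage) need a signal to act on. The sliding-window detector below is an added example, not code from the article or from Quocirca: it counts how many distinct files one process modifies inside a short window, treats a rename sweep that stamps one new extension on everything as the encrypt-and-rename pattern, and returns allow, throttle or block. The file-event stream and the thresholds are constructed for the example.

```python
"""Rate-based detection of the disk-activity burst an encrypting process produces.

Added example, not code from the article or from Quocirca. It feeds a constructed
stream of file-system events (timestamp, pid, process, op, path, new_path) through
a sliding window per process and returns allow / throttle / block. Thresholds are
assumptions for the example.
"""
from collections import defaultdict, deque

WINDOW_SECONDS = 10
THROTTLE_AT = 20       # distinct files modified in the window before slowing the process
BLOCK_AT = 50          # distinct files modified in the window before stopping it
MODIFYING_OPS = {"write", "rename", "delete"}


class BurstDetector:
    def __init__(self):
        self.window = defaultdict(deque)   # pid -> deque of (ts, path)
        self.new_exts = defaultdict(set)   # pid -> extensions its renames introduced
        self.decisions = {}                # pid -> latest decision

    def observe(self, ts, pid, proc, op, path, new_path=None):
        """Record one event and return the current decision for that pid."""
        if op not in MODIFYING_OPS:         # reads never count against a process
            return self.decisions.get(pid, "allow")
        q = self.window[pid]
        q.append((ts, path))
        while q and ts - q[0][0] > WINDOW_SECONDS:   # drop events outside the window
            q.popleft()
        if op == "rename" and new_path and "." in new_path:
            self.new_exts[pid].add(new_path.rsplit(".", 1)[-1].lower())
        distinct = len({p for _, p in q})
        # A sweep that stamps a new extension onto many files is the classic
        # encrypt-and-rename pattern, so it earns a block at the lower threshold.
        if distinct >= BLOCK_AT or (distinct >= THROTTLE_AT and self.new_exts[pid]):
            decision = "block"
        elif distinct >= THROTTLE_AT:
            decision = "throttle"
        else:
            decision = "allow"
        self.decisions[pid] = decision
        return decision


def run_sample():
    """Replay constructed events: a backup job, a build tool and an encrypting process."""
    det = BurstDetector()
    t = 0.0
    for i in range(100):                 # backup.exe: reads everything, writes a few files
        det.observe(t, 1001, "backup.exe", "read", f"/home/u/doc{i}.docx")
        if i % 20 == 0:
            det.observe(t, 1001, "backup.exe", "write", f"/mnt/backup/doc{i}.docx")
        t += 0.05
    t = 0.0
    for i in range(25):                  # compiler.exe: many writes in 1.25 s, no renames
        det.observe(t, 2002, "compiler.exe", "write", f"/src/obj/unit{i}.o")
        t += 0.05
    t = 0.0
    for i in range(60):                  # encoder.exe: write then rename, 60 files in 6 s
        p = f"/home/u/doc{i}.docx"
        det.observe(t, 4242, "encoder.exe", "write", p)
        det.observe(t + 0.01, 4242, "encoder.exe", "rename", p, new_path=p + ".locked")
        t += 0.1
    return dict(det.decisions)


if __name__ == "__main__":
    print(run_sample())
```

The build tool lands in the throttle tier (many writes, no extension churn), which is the false-positive case a throttle rather than a hard block is meant for; the encrypting process is blocked as soon as twenty files carry its new extension.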

In the traditional approach, data centres are often positioned close to each other to limit the impact of latency, but the fact that they are all too often within the same circle of disruption increases the financial, operational and reputational risks associated with downtime.

There are therefore a few tips that can help an organisation protect its data and mitigate ransomware attacks:
• The more layers you can add, the better.
• User education.
• Update your backup regularly - it can be the last layer of defence.
• Have a copy off site – tape or cloud, but don't leave the drawbridge down.
• Plan your backup process around your recovery requirements.

Following these steps makes preventing and recovering from cyber-attacks far easier.

Unknown Hackers demand Ransom in Bitcoin

News recently emerged of a ransomware attack in Old Delhi after three of the victims came forward to reveal more about the attack. The victims, local traders, were asked by the unknown hackers to pay a ransom in Bitcoin.

The hackers, believed to be from either Nigeria or Pakistan, encrypted files containing key records on the businessmen's computers. According to the police, the hackers then coerced the victims and gave them links to purchase bitcoins, which they needed to make the payments for the release of the critical documents.

 “Some traders paid in Bitcoins and got their data back. Some deposited the money from abroad. When my data was hacked, I spoke to fellow traders and learnt that there were other such cases. I wrote to the hackers and they agreed to decrypt the files for $1,750 (around Rs 1.11 lakh),” Mohan Goyal, one of the victims was quoted saying in the report.

According to reports, the hacked traders found a message displayed on their computers saying there was a 'security issue' in the system. The traders were then given case numbers and email addresses for correspondence. At first the hackers offered to decrypt five of their files for free, then demanded the ransom for the rest of the records.

While one of the IP addresses used by the hackers was reportedly traced back to a system in Germany, the fingers remain pointed at hackers from Nigeria and Pakistan.

Experts say that taking payment in bitcoin makes the money harder to trace, which suits the hackers. The Delhi crime branch, which registered the FIR, has already sent the complainants' hard disks for forensic tests. So far three complaints have been registered with the police, and it is believed that the number of victims could be much higher.

Ukrainian CyberPolice arrest the Hacker accused of spreading "Petya.A" virus

Officers from Ukraine's cyber crime department have arrested a 51-year-old resident of Nikopol (Ukraine, Dnipropetrovsk region) who is suspected of spreading the "Petya.A" computer virus.

Petya is ransomware that infects the Master Boot Record (MBR). If the malware successfully infects the MBR, it encrypts the whole hard drive; otherwise, it encrypts all files.
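Because the MBR is the first sector a disk boots from, a replaced bootloader of the kind described above can be noticed by comparing the sector against a baseline taken from a healthy system. The parser and check below are an added example, not code from the article or from any Petya analysis: they read the standard MBR layout (440 bytes of boot code, the partition table at offset 446, the 0x55AA signature at offset 510) and compare the boot code's SHA-256 with a recorded baseline. The MBR bytes are constructed, not taken from a real disk.

```python
"""Integrity check of a 512-byte Master Boot Record.

Added example, not code from the article. It parses the MBR layout (440 bytes of
boot code, a 4-entry partition table at offset 446, the 0x55AA signature at 510)
and compares the boot code's SHA-256 against a baseline recorded on a healthy
system. The MBR bytes below are constructed, not taken from any real disk.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440
PART_TABLE_OFF = 446
SIGNATURE = b"\x55\xAA"


def parse_mbr(mbr: bytes) -> dict:
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = mbr[off], mbr[off + 4]
        lba_start, sectors = struct.unpack_from("<II", mbr, off + 8)
        if ptype:                                  # type 0x00 marks an empty entry
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "signature_ok": mbr[510:512] == SIGNATURE,
        "partitions": partitions,
    }


def check_mbr(mbr: bytes, baseline_sha256: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no active partition")
    return findings


def make_mbr(boot_code: bytes, active: bool = True) -> bytes:
    """Build a constructed MBR: padded boot code, one Linux partition, signature."""
    body = boot_code.ljust(BOOT_CODE_LEN, b"\x00") + b"\x00" * 6   # disk id + reserved
    entry = bytes([0x80 if active else 0x00, 0, 0, 0, 0x83, 0, 0, 0]) \
        + struct.pack("<II", 2048, 409600)
    return body + entry + b"\x00" * 48 + SIGNATURE


KNOWN_GOOD = make_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")   # constructed baseline boot code
BASELINE = parse_mbr(KNOWN_GOOD)["boot_code_sha256"]
TAMPERED = make_mbr(b"\xeb\x3c\x90" + b"CONSTRUCTED-REPLACEMENT-LOADER")

if __name__ == "__main__":
    print("known good:", check_mbr(KNOWN_GOOD, BASELINE))
    print("tampered:  ", check_mbr(TAMPERED, BASELINE))
```

On a live Linux system the first 512 bytes of the disk device (read as root, e.g. from /dev/sda) can be passed to check_mbr in place of the constructed bytes; the baseline digest should be recorded at install time and kept off the machine.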

According to local news reports, the suspect published an online tutorial video explaining how to use the "Petya.A" malware to infect victims' computers. In the comments section he also shared a link to a social network page on which he had uploaded and distributed the malware.

The police searched the suspect's residence, seized his computer equipment and found malicious software similar to "Petya.A".

The malware is said to have infected more than 400 computers. A number of companies also intentionally used this virus to conceal criminal activity and evade payment of penalties to the state.

In June 2017, ESET reported that a large number of infections happened in Ukraine. The affected Ukrainian industries included the financial and energy sectors.

- Christina

WannaCry Ransomware in simultaneous attack on firms and organizations around the world

To their utter dismay, on May 12, 2017 firms and organizations in many countries around the world, including geopolitical rivals Russia and the US, suffered mass attacks by the WannaCry malware. This ransomware also goes by the names WCry, WannaCry, WannaCrypt0r and WannaCrypt – and it did make some cry.

In a few hours WannaCry infected tens of thousands of devices. Experts from Avast indicated that upwards of 57,000 devices had already been infected. Taiwan, Russia and Ukraine are understood to have been the main targets of the malware – quite a strange mix. Quoting specialists from Kaspersky, a Russian news agency reported about 45,000 WannaCry attacks in 74 countries around the world, with Russia the most affected.

Corporate victims include the likes of Fedex, Spanish majors such as Telefonica, Gas Natural, Iberdrola and Santander Bank, and KPMG. The health care sector, already amongst the most vulnerable, was also hit. Targets here included the UK's National Health Service and other medical institutions in the UK.

According to journalists at "Medusa", Russian targets included MegaFon, the Ministry of Internal Affairs and the Investigative Committee of the Russian Federation.

This malware, WCry, was first discovered in February 2017. It has evolved and “mutated” over the last few months, and the more potent version 2.0 uses an NSA SMB exploit from a toolkit published earlier by the hacker group The Shadow Brokers.

It is believed that “Kafeine”, a French expert, was one of the first to discover the new mutation of the trojan. Kafeine realised that WannaCry had been updated to adopt the EternalBlue exploit, which was written by NSA whiz kids to use vulnerabilities in SMBv1. Several other security specialists confirmed Kafeine's findings.

Microsoft released a fix for the vulnerability exploited by ETERNALBLUE in March 2017. However, many computer users had not yet grown wary enough to apply the fix, and this lackadaisical attitude has now been exploited. As always, a sense of déjà vu prevails amongst cyber security pros.
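What let WannaCry reach tens of thousands of machines in hours was its worm component: each infected host tried its SMB exploit against many other hosts. Patching closes the hole, but the spreading itself is also visible in network telemetry as one source contacting many internal peers on TCP/445 in a short window, which a file server serving its usual clients never does. The detector below is an added example, not code from the article; the flow records, thresholds and addresses are constructed.

```python
"""Flag internal hosts fanning out to many peers on TCP/445.

Added example, not code from the article. A worm that spreads over SMB shows up
in flow telemetry as one source contacting many internal destinations on port
445 within a short time. Flow records and thresholds are constructed.
"""
import ipaddress
from collections import defaultdict

FANOUT_THRESHOLD = 15   # distinct internal peers on 445 within one window
WINDOW_SECONDS = 60


def parse_flow(line: str):
    """'<epoch> <src> <dst> <dport>' -> (int, str, str, int)."""
    ts, src, dst, dport = line.split()
    return int(ts), src, dst, int(dport)


def find_smb_fanout(lines):
    """Return {src: peer_count} for sources exceeding the fan-out threshold."""
    hits = defaultdict(list)          # src -> [(ts, dst), ...]
    for line in lines:
        ts, src, dst, dport = parse_flow(line)
        if dport != 445 or not ipaddress.ip_address(dst).is_private:
            continue                   # only internal SMB destinations count
        hits[src].append((ts, dst))
    scanners = {}
    for src, events in hits.items():
        events.sort()
        for start_ts, _ in events:     # slide a window starting at each event
            peers = {d for t, d in events if start_ts <= t <= start_ts + WINDOW_SECONDS}
            if len(peers) >= FANOUT_THRESHOLD:
                scanners[src] = len(peers)
                break
    return scanners


def build_sample():
    """Constructed flow log: two clients using a file server, one sweeping host."""
    lines = []
    for i in range(20):    # two workstations talking to the file server, as usual
        lines.append(f"{1000 + i} 10.0.0.{10 + i % 2} 10.0.0.5 445")
    for i in range(40):    # an infected workstation sweeping the subnet in 40 s
        lines.append(f"{1000 + i} 10.0.0.77 10.0.0.{100 + i} 445")
    lines.append("1005 10.0.0.77 93.184.216.34 443")   # ordinary web traffic, ignored
    lines.append("1006 10.0.0.77 93.184.216.34 445")   # external 445: not counted here
    return lines


if __name__ == "__main__":
    print(find_smb_fanout(build_sample()))
```

A known SMB server should be listed as a source exclusion before this runs in production, and the threshold tuned to the size of the subnets in use; the point of the window is that forty peers in forty seconds is a sweep, while forty peers over a working day is a help desk.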

For those interested, the spread of WannaCry can be observed in real time at https://intel.malwaretech.com/WannaCrypt.html

A Threat that encrypts data on offline mode

Researchers at Check Point Technologies have discovered an ‘offline’ ransomware that encrypts files on the infected machine without communicating with a command and control (C&C) server.

The ransomware, which mainly targets Russian users, has been in existence since around June 2014. Since then a dozen releases have appeared, the latest of which, CL 1.1.0.0, was made available in mid-August.

Security products detect various versions of the threat as Ransomcrypt.U (Symantec), Win32.VBKryjetor.wfa (Kaspersky) and Troj/Ransom-AZT (Sophos).

After the threat infects a computer, it encrypts important files and then changes the desktop background to a message in Russian informing users that their files have been encrypted.

Victims are then asked to pay between $300 and $380, depending on how fast they pay up, to receive a decryption tool and the key needed to recover their files.

Because it works offline and has no C&C server to talk to, security solutions that identify threats based on their network communications have a harder time detecting and neutralising the malware.

According to Check Point researchers, the malware is designed only to encrypt files and has little other functionality. However, it performs that one function well enough that recovering files without paying the ransom is impossible.

The beginning (first 30000 bytes) of each file is encrypted using two buffers of digits and letters that are randomly generated on the infected machine. The encryption process includes taking each original byte along with one byte from each of the randomly generated buffers and performing mathematical operations on them.

The remainder of each file (if it exists) is encrypted using an RSA public key (“local”) that is randomly generated on the infected machine, along with the matching local RSA private key required for decryption of the data.

The randomly generated buffers and the local RSA private key that are required for decryption are added as metadata to each encrypted file, and are then encrypted using three hardcoded RSA 768 public keys that the offender created in advance (“remote”). The matching remote RSA private keys required to unlock the metadata are located on the attacker’s side.

Ransomware campaigns are highly profitable for cyber criminals who can make huge amounts of cash by encrypting files of Russian users. 

Beware of CryptoWall Ransomware, victims reporting losses totaling over $18 million


Data from the FBI's Internet Crime Complaint Center (IC3) shows CryptoWall as the most current and significant ransomware affecting millions of individuals and businesses in the US.

CryptoWall and its variants have been targeting people since April 2014. Between April 2014 and June 2015, the IC3 received 992 CryptoWall-related complaints, with victims reporting losses totaling over $18 million.

Victims incur ransom fees of between $200 and $10,000, and there are additional costs, including network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and/or the purchase of credit monitoring services for employees or customers.

The system becomes infected when the victim visits or clicks on an infected advertisement, email, attachment or website; the malware then encrypts the victim's files stored on the infected machine. Ransomware schemes demand payment in Bitcoin because it is easy to use, fast, publicly available, decentralized, and provides a sense of heightened security/anonymity.

Victims can file a complaint with their local FBI field office, or with the IC3 at www.IC3.gov.

Think twice before you open email attachments from unknown senders


Security researchers at Check Point have discovered a new ransomware threat dubbed Troldesh, also known as Encoder.858 and Shade.

Troldesh, which was created in Russia, has already affected numerous users across the world. It typically encrypts the user's personal files and extorts money for their decryption.

“Troldesh is based on so-called encryptors that encrypt all of the user’s personal data and extort money to decrypt the files. Troldesh encrypts a user’s files with an “.xtbl” extension. It is spread initially via e-mail spam,” Natalia Kolesova, anti-bot analyst at the Check Point, wrote in a blog.

She said that they found a distinctive characteristic in Troldesh besides the typical ransomware features: the creators of Troldesh communicate directly with the user through an email address, which is used to determine the payment method.

According to Kolesova, once a corrupted email is opened, the malicious threat is activated and starts encrypting the user's files, giving them the extension .xtbl.

Along with the files, the file names are also encrypted. Once the encryption process is done, the affected user is shown a ransom message and directed to a 'readme' text file for further information.

In a bid to stay safe, users are advised not to open anything suspicious by unknown senders.

“Many cases have been reported by the users paying the ransom without having their files decrypted. In order to avoid ransomware, it is important to back up important data previously on an external storage device or in a cloud,” she wrote.

The researcher said that affected users have to download a powerful anti-malware tool to scan the system and remove the ransomware.

The researcher said she contacted the hackers via an email and asked for a discount.

“I was very interested to learn more about the ransom and tried to start a correspondence with the attackers. As required, I sent the specified code to the e-mail address provided, one that is registered on the most famous Russian domain,” the researcher wrote.

The crooks had demanded 250 euros to decrypt all of the files.

However, after the researcher asked to reduce the amount, the criminals agreed to lower the ransom to €118 / $131, payable via QIWI money transfer system.

Simplocker : First Android Ransomware that Encrypts files in Your Device

Ransomware is a type of malware that locks you out of your computer until you pay a ransom.  In some cases, it can actually cause more serious problems by encrypting the files on your system's hard drive.

Last year, Symantec discovered Android malware with hybrid characteristics of fake AV and ransomware. Last month, Bitdefender identified an Android version of ransomware that was being sold on the underground market. The malware bluffed victims into paying a ransom but didn't actually encrypt any files.

Until now, there had been no reports of Android malware that encrypts files.

Security researchers at ESET say they have spotted the first variant of Ransomware that encrypts files in your Android Device.

The malware, dubbed Simplocker, shows a ransom message written in Russian informing victims that their device has been locked for viewing and distributing child pornography.

It scans the SD card for certain file types such as images, documents or videos, encrypts them using the Advanced Encryption Standard (AES), and demands money to decrypt them.

It also gathers information about the infected device and sends it to a command and control server. The server is located on a Tor ".onion" domain for anonymity.

Don't Pay:
"We strongly recommend against paying up – not only because that will only motivate other malware authors to continue these kinds of filthy operations, but also because there is no guarantee that the crook will keep their part of the deal and actually decrypt them," researchers at ESET say.

Hackers lock iPhones remotely and demand $100 to unlock them

In recent hours, a number of users from Australia have had a nightmare as cyber criminals locked their devices and demanded payment of a ransom.

The locked devices show the message "Device Hacked by Oleg Pliss" and instruct victims to send $100 to lock404@hotmail.com to unlock their devices.

The attack came to light after one user from Melbourne shared his experience on the Apple support forum and asked for help to fix the problem. Following his post, several users reported being affected by the attack.

It appears the hackers used stolen Apple IDs and passwords to access victims' iCloud accounts, which allowed them to lock the devices and display a message.

What should you do? Don't pay the ransom!
Affected users are advised to contact Apple directly to regain access to their account.

Once you have access to your account, change the password immediately and enable the two-step authentication feature for your account.

Power Locker - Cybercriminals attempt to sell New Ransomware called Prison Locker

The MalwareMustDie (MMD) team came across an advertisement on an underground forum in which an individual is trying to sell his new ransomware, called Power Locker, also known as Prison Locker.

The cybercriminal, who goes by the online moniker "gyx", coded the malware in C/C++ and is advertising the ransomware on various underground forums.

The ransomware is said to have many features, such as "detecting the Debugger and Virtual Machines in order to avoid being analyzed by security researchers" and "Displaying warning window in a new desktop".

Initially, "gyx" asked others to help him code the GUI part of the malware and promised to pay them. A member of the MalwareMustDie team disguised himself as a malware coder and had an IRC chat with him, and also managed to get the source code of the malware. You can find the full conversation here.

The MMD team has doxed gyx and collected some interesting information about the identity of the malware author. The dox leads to a person who claims to be a security researcher blogging about security ("wenhsl.blogspot.in/"). They also identified his Twitter account (@wenhsl).

Amusingly, he was also trying to communicate with MalwareMustDie from that Twitter account.

New Cryptolocker Ransomware capable of spreading via Pen Drive

To date, CryptoLocker ransomware has generally spread via online methods such as fake emails containing the malware, drive-by downloads or other malware already present on the system. So far, the malware has been successful in infecting a large number of users.

It appears the cyber criminals behind the CryptoLocker malware are not satisfied with the infection rate, so they have added new features in their latest version.

A new variant of CryptoLocker detected by Trend Labs comes with a new feature for spreading from victims' machines: the ability to propagate via removable drives.

"This update is considered significant because this routine was unheard of in other CRILOCK variants. The addition of propagation routines means that the malware can easily spread, unlike other known CRILOCK variants." Researchers say.

Unlike the previous variants, the malware is now uploaded to peer-to-peer (P2P) file sharing sites, posing as a cracker for software such as Adobe Photoshop and Microsoft Office. This lets the attackers infect systems without spending time sending spam mails.

However, the malware does not use a domain generation algorithm (DGA), a feature that helps malware evade detection by contacting a large number of random domain names.
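A DGA defeats static domain blocklists, but the names it produces have their own signature: they look random, and because only a few of them are ever registered, an infected host resolves a stream of names that do not exist. The detector below is an added example, not code from the article or from Trend Labs: it scores each queried name for randomness (entropy, vowel ratio, digit ratio, length) and counts high-scoring NXDOMAIN answers per client. The scoring thresholds and the resolver log lines are constructed.

```python
"""Score DNS query names for the randomness a domain generation algorithm produces.

Added example, not code from the article or from Trend Labs. It combines a
per-name randomness score with a per-client count of NXDOMAIN answers for
high-scoring names. Thresholds and the DNS log lines are constructed.
"""
import math
from collections import Counter, defaultdict

NAME_SCORE_MIN = 2.0     # a name at or above this looks machine-generated
NXDOMAIN_MIN = 5         # high-scoring NXDOMAINs per client before alerting


def shannon_entropy(s: str) -> float:
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def second_level_label(domain: str) -> str:
    """'xkqz.example.com' -> 'example'; the label a DGA actually generates."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def dga_score(domain: str) -> float:
    label = second_level_label(domain)
    if len(label) < 6:
        return 0.0
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    digit_ratio = sum(ch.isdigit() for ch in label) / len(label)
    score = 0.0
    if shannon_entropy(label) > 3.2:     # many distinct characters, little repetition
        score += 1
    if vowel_ratio < 0.2:                # unpronounceable consonant runs
        score += 1
    if digit_ratio > 0.2:                # brand names rarely mix in many digits
        score += 1
    if len(label) >= 12:
        score += 0.5
    return score


def find_dga_clients(log_lines):
    """'<epoch> <client> <qname> <rcode>' lines -> {client: suspicious NXDOMAIN count}."""
    counts = defaultdict(int)
    for line in log_lines:
        _, client, qname, rcode = line.split()
        if rcode == "NXDOMAIN" and dga_score(qname) >= NAME_SCORE_MIN:
            counts[client] += 1
    return {c: n for c, n in counts.items() if n >= NXDOMAIN_MIN}


SAMPLE_LOG = [   # constructed resolver log: one clean client, one infected client
    "1500000001 10.0.0.12 google.com NOERROR",
    "1500000002 10.0.0.12 microsoft.com NOERROR",
    "1500000003 10.0.0.12 mail.example.net NOERROR",
    "1500000004 10.0.0.77 xkqzvplmrtwn.com NXDOMAIN",
    "1500000005 10.0.0.77 bqwrtzxvnplk.net NXDOMAIN",
    "1500000006 10.0.0.77 gtrkxzqwvmnp.org NXDOMAIN",
    "1500000007 10.0.0.77 pzxqvtrkwlnm.info NXDOMAIN",
    "1500000008 10.0.0.77 kwzxrqtvplmn.biz NXDOMAIN",
    "1500000009 10.0.0.77 a7f3k9q2x8p1.com NXDOMAIN",
    "1500000010 10.0.0.77 mnzxqwrtvkpl.com NOERROR",   # the one name that resolved
    "1500000011 10.0.0.77 microsoft.com NOERROR",
]

if __name__ == "__main__":
    print(find_dga_clients(SAMPLE_LOG))
```

The NXDOMAIN requirement is what keeps legitimate but odd-looking names (CDN hostnames, hashed subdomains) from piling up false positives: those resolve. Word-list DGAs that glue dictionary words together would need a different scorer than this character-statistics one.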

"This could mean that the malware is still in the process of being refined and improved upon. Thus, we can expect latter variants to have the DGA capability." Researchers said.

Antivirus that will alert about Criminal and Illegal content for $500

Isn't the title interesting? There is no such antivirus that alerts about criminal and illegal content. It is being advertised by a recently discovered ransomware.

Ransomware usually locks the victim's system or browser and displays a warning message pretending to be from the FBI or another authority. It informs victims that their system has been locked because of their illegal activities and asks them to pay money to unlock it.

A new ransomware spotted by the Malwarebytes team interestingly informs victims that "Your criminal records have been deleted".

The malware also suggests that victims buy an antivirus for $500 from them in order to unlock the system and avoid further legal consequences.

Those who fall for this scam end up paying around $1200. As I said earlier, no such antivirus exists. After paying the ransom, you will just receive a message "your browser will be unlocked within 12 hours", nothing else.

CryptoLocker ransomware reduce the price for decrypting files

As the value of Bitcoin continues its climb, now above $800, the criminals behind the CryptoLocker ransomware have come up with the idea of reducing the price for decrypting files to 0.5 Bitcoins.

Initially, the ransomware asked victims to pay 2 Bitcoins as ransom to decrypt their files.

Victims who fail to pay the ransom within the deadline are told to use the criminals' decryption service if they want their encrypted files back, but at a higher price than before.

The new variant of CryptoLocker ransomware spotted by the F-Secure security team on November 20 asks users to pay 0.5 Bitcoins instead.

Cybercriminals capture Images of people watching porn to trick them to pay ransom

Image Credits: WAToday - Illustration: Matt Golding.
A new ransomware that poses as the Australian Federal Police attempts to turn on the webcams of people watching porn and capture images of them.

Once the image of the user is captured, the malware locks the desktop and shows a warning message saying that "they have breached federal laws relating to child pornography, copyright or privacy".

The warning message includes the image of the victim, which will certainly horrify them.

According to the WAToday report, the victims are then told to pay a ransom of $100 to $199 within 72 hours. The malware claims that if they fail to, the data on their disk will be wiped.

"We've taken some very interesting calls; some people are very open, while others swear they have been hacked while using Facebook," WAToday quoted the AFP as saying.

New Ransomware Shadowlock demands to fill out Survey to unlock the Infected system

Ransomware is malware designed to trick victims into believing their computer has been locked for illegal activities, and demands money to unlock it.

However, the new ransomware variant spotted by Symantec researchers demands that victims complete a survey to unlock their system instead of demanding money.

Once the system is infected, it displays a popup box asking the victim to enter an unlock code, which is obtained by completing the survey offered by the malware.

Shadowlock Ransoware popup -  Image Credits : Symantec

You can't close the pop-up box, you are not allowed to close the trojan with Task Manager, CMD, RegEdit or MSConfig, and you are also denied access to the Restore Point facility.

According to Symantec's malware report, the threat is capable of closing popular browsers, disabling certain system tools and disabling the Windows firewall.

This new variant may have a greater chance of making money for the cybercriminals, because victims will be more willing to complete a survey than to pay money.

Reveton Ransomware upgraded, now it speaks to victims

Did you ever think a virus could speak to you? It seems this ransomware does. The Reveton ransomware, which prevents victims from using their computers and displays a rogue message, has been upgraded: it now speaks to the victim, according to TrendMicro.

Ransomware, also referred to as cryptotrojans, is a kind of malware that restricts access to the computer system it infects. Usually it displays a fake full-screen message (victims can't close it or access anything else), purporting to come from law enforcement agencies in various countries, and instructs victims to pay a fine for allegedly accessing or storing illegal content on their computers.


Interestingly, the latest variant also plays an audio message urging users to pay the ransom.

"The user won’t need a translator to understand what the malware is saying – it speaks the language of the country where the victim is located," the researcher says.

Unlike previous variants, this variant also connects to a specific URL to send and receive information from a remote user, and downloads an encrypted .dll and a WAVE file.

New Ransomware use Anonymous name, "Your computer has been hacked by the Anonymous"


Nowadays, the number of ransomware attacks is increasing. Usually the ransomware claims that the victim has violated the law and names a law enforcement agency (such as the CIA or FBI) to scare victims. Then it asks the user to pay a ransom to unlock their computer.

Interestingly, a new ransomware discovered by the Swiss security blog Abuse.ch names the Anonymous hackers instead of law enforcement.

In a tweet, the researcher posted about the ransomware: "#Ransomware: "Your computer has been hacked by the Anonymous Hackers Group and locked for the moment." pic.twitter.com/cmcSA0gY"


The new ransomware displays the following message instead:

We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.

Tango down!

Your computer has been hacked by the Anonymous Hackers Group and locked for the moment. All files have been encrypted. You need to pay a ransom of £100 within 24 hours to restore the computer back to normal. If the ransom is not paid on time all the contents of your computer will be deleted and all your personal information such as your name, address, D.O.B., etc. will be published online, after this has been done the process, ram and motherboard will be fried. Any attempts to remove this virus will result in the consequences mentioned.

To unlock the computer, the ransomware asks the user to pay the money through Ukash. "When you pay the ransom your pc will get unlocked in 1 to 3 hours," the ransomware statement reads.


The strong reasons why it was not created by Anonymous:
  • Anonymous never harms individual users (I believe); Anonymous are activists who hack governments, not innocent users.
  • Anonymous calls itself just "Anonymous", not "Anonymous Hackers Group."
  • Anonymous has never been concerned about money.
  • "Tango down" is the phrase used for DDoS attacks, not for malware attacks.




1,100 UK computers infected by Police Ransomware

Cyber criminals have managed to infect more than 1,100 computers with ransomware to extort money from unsuspecting members of the public by impersonating the Met's Police Central e-Crime Unit (PCeU).

According to the press release, police have received 1,100 reports from the public of the malware affecting their computers. 36 people in the UK have paid money, each losing £100.

The ransomware infects PCs when people access infected websites, causing the PCs to freeze and lock, with a message purporting to be from the e-Crime Unit advising the user that they are required to pay a fine to unlock the computer.

"This is a fraud and users are advised NOT to pay out any monies or hand out any bank details," police representatives said. "This scam is now affecting many countries in Europe and further afield, with each email tailored to include the branding of that country's law enforcement agency. Europol are coordinating with Europe's law enforcement agencies on this matter."

Users are advised to install Internet Security software. You can also use Comodo IceDragon browser that will block malicious domains.