New Ransomware Attack Underway

Security researchers at CA have found a new so-called "ransomware" attack underway. There are many things you can say about malware writers. Most of it would be NSFW. But you can't say they don't work hard at what they do.We've seen rogueware, ransomware, and scareware do all sorts of things from force people to buy software that infects their systems to encrypting files to freezing the entire PC. In this attack, the scammers simply block Internet access.

According to this post at CA's Security Advisor Research Blog, the malware, Win32/RansomSMS.AH, comes bundled with software named uFast Download Manager. The software is installed without any indication to the user, and (shocker here) the uninstaller does not work.

CA provided a screen shot of an infected system, which appears to be a Windows XP box, but no indication in their post what other operating systems could be affected.

Here's the ransom note, as translated by CA:

"Internet access is blocked due to violation of the license agreement schedules of uFast Download Manager You must activate your copy Get a registration code by sending an SMS with the following code fw0004199 to number 7122

In response you will receive an activation message. Enter the activation message received from the SMS response ________

" CA claims to have created an activation code generator, to help users regain their Internet access.

It's not a wild guess to expect much more online criminal activity like this during the holiday season, so be careful where you browse and what you download.

Here's a recent post on the rising threat of Rogueware.

For my security and technology observations throughout the day, consider following me on Twitter.