Russian ransomware uses NSA as scam cover

Is the NSA demanding that you pay up for a cybercrime? How outrageous is that?

Luckily, the NSA isn't actually behind any of this. This is just another scam to get your money involving fake law enforcement. In a recent blog post, IT security company Blue Coat addressed last week's attacks on visitors to the php.net Web site. Their investigation revealed that one of the sneakier ransomware applications wrote ransom notes to victims using personal information that the victims believed was from the NSA.

Ransomware apps don't seem to be very creative lately. Most follow the same pattern: victims receive what appears to be an official notification that they've committed a cybercrime, usually including child pornography. To get out of this latest ransomware mess, the victim is told to pay $300 (£186) through an untraceable payment card.

Based primarily in Russia, ransomware gangs use geolocations of victims' IP addresses to deliver fake warnings with names and logos of nations' law enforcement organisations. For instance, if you're in Australia or Canada, the threats you receive could include images of blue heelers or mounties to make the threat look all the more real. At the top of US victims' screens are NSA and Central Security Service logos.

Once installed, the malware visits Google or MSN to see if the computer is online. After it successfully connects, it performs an initial check-in with its home base by sending some data to a server in Ryazan, Russia, a city southeast of Moscow. The malware then uploads a chunk of encrypted data to the Web server xaraworkbook.us.

Check-ins to Web servers continue about once every five minutes. The check-in connections all have a ransomware affiliate ID and the infected computer's profile information. Interestingly, the particular file paths mentioned in the ransomware notice don't exist in Windows XP.
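A check-in that repeats about every five minutes leaves a regular rhythm in proxy or DNS logs that defenders can search for. The Python below is an added example, not code from Blue Coat's analysis; the log format (timestamp, client IP, host), the thresholds, the client addresses and the sample lines are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median


def find_beacons(lines, period=300, tolerance=30, min_hits=4):
    """Return (client, host, hits, median_gap) for client/host pairs whose
    requests recur roughly every `period` seconds."""
    seen = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, client, host = parts
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # skip unparseable timestamps
        seen[(client, host.lower())].append(when)

    flagged = []
    for (client, host), times in seen.items():
        if len(times) < min_hits:
            continue  # too few requests to judge a rhythm
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mid = median(gaps)
        # Share of gaps close to the median: high for timers, low for people.
        regular = sum(abs(g - mid) <= tolerance for g in gaps) / len(gaps)
        if abs(mid - period) <= tolerance and regular >= 0.8:
            flagged.append((client, host, len(times), mid))
    return sorted(flagged)


def _sample_log():
    # Constructed sample: one connectivity check, then jittered ~5 min
    # check-ins from one client; irregular browsing from another.
    start = datetime(2024, 1, 1, 9, 0, 0)
    rows = [(0, "10.0.0.5", "www.google.com")]
    rows += [(s, "10.0.0.5", "xaraworkbook.us") for s in (5, 306, 603, 908, 1205)]
    rows += [(s, "10.0.0.9", "intranet.example") for s in (10, 40, 700, 760, 1900)]
    return [f"{(start + timedelta(seconds=s)).isoformat()} {c} {h}" for s, c, h in rows]


SAMPLE_LOG = _sample_log()

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

Grouping by client and host keeps a busy shared destination from hiding a single infected machine; the tolerance should be widened if the logs show more timing jitter.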

You might think it's unlikely that you'll ever be victim to one of these scams, but it's always better to be safe than sorry. Be smart about protecting your personal data because you never know what cybercriminals have up their sleeves next.

The NSA has been finding it hard to keep out of the headlines lately, with its officials being told to evoke 9/11 sympathies when justifying mass surveillance, alongside news that the NSA site was hacked, which it vehemently denies.
