Ransomware App Asks Victims to Pay a Phone Bill

Ransomware is nothing new, but a Ukrainian ransomware Trojan that came over the transom last week demonstrated that the concept of “payment” can extend to services other than banking or finance. In this case, the Trojan (which we and several other AV companies call Trojan-Ransom-Krotten) thoroughly locks down the infected system then demands payment—in the form of credit paid to the Ukrainian mobile phone provider Kyivstar, which the victim then has to transfer to the malware distributor’s account.

Yes, Alice, the hacker wants you to pay his cellphone bill.

Once the ransomware has taken hold on a victim’s computer, it locks down the operating system in dozens of different ways, as well as changing several registry keys that add juvenile, profane text to Internet Explorer’s title bar and elsewhere on the desktop and in folders.

Webroot Threat Blog

Leave a Reply