Novel ransomware tactic locks users’ PCs, demands that they participate in a survey to get the unlock code

by

Share this news now.

By Dancho Danchev

From managed ransomware as a service ‘solutions to DIY ransomware generating tools, this malicious market segment is as hot as ever with cybercriminals continuing to push new variants, and sometimes, literally introducing novel approaches to monetize locked PCs.

In this case, by forcing their users to complete a survey before they receive the unlock code.

More details:

Sample screenshot of the actual advertisement at a cybercrime-friendly international underground marketplace:

Ransomware_Survey_Monetization

Its customers are able to add up to two survey links allowing them to earn more revenue from the ransomware victims who would be unwillingly participating in the surveys. The ransomware blocks the Task Manager, CMD, Regedit and the Start Menu. Its author accepts Bitcoin.

Despite the fact that the ransomware doesn’t pose any sophisticated features — bypassing signatures based antivirus scanning is not a feature, it is an every day reality – it provides and example of an efficient business model aiming to utilize cost-per-action (CPA) affiliate networks in an attempt to generate revenue for the market participants.

We’ll continue monitoring the development of this ransomware, and most importantly, whether or not this monetization model will scale across the international underground marketplace.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.


Share this news now.
Novel ransomware tactic locks users' PCs, demands that they participate in a survey to get the unlock code by

Tags:



About the Author

Name: Dancho Danchev
Role: Contributing Threat Researcher

Share this news now.

Dancho Danchev is an internationally recognized security blogger, cybercrime researcher, and a public speaker.  He’s been an active security blogger since 2006, maintaining a popular security blog, where he shares detailed analyses of tactics, techniques, and procedures (TTP) of malicious and fraudulent adversaries.

You can find out more about Dancho’s expertise and experience at his LinkedIn Profile, or at Wikipedia.

You can also follow him on  TwitterGoogle+ or Facebook.


Share this news now.
Novel ransomware tactic locks users' PCs, demands that they participate in a survey to get the unlock code by

Trackbacks

  1. […] Packaged scams to get victims (referred to as “slaves”) to complete online surveys using ransomware have begun appearing in underground cybercrime forums. Webroot has a write-up on one such scam, together with screeenshots, in a blog post here. […]

  2. […] in an attempt to generate revenue for the market participants,” Dancho Danchev wrote in a blog post where he also included a screenshot of the malware’s description that was posted on an […]