Cybercrime network … this is a big problem for your computer.
Spanish Police, working closely with the European Cybercrime Centre (EC3) at Europol, have dismantled the largest and most complex cybercrime network dedicated to spreading police ransomware.
It is estimated that the criminals affected tens of thousands of computers worldwide, bringing in profits in excess of one million euros per year.
Operation Ransom resulted in 11 arrests – the first was a 27-year-old Russian, responsible for the creation, development and international distribution of the various versions of the malware.
He was arrested in the United Arab Emirates and is currently awaiting extradition to Spain.
Furthermore, one of the criminal network’s largest financial cells in the Costa del Sol was dismantled. Spanish Police also arrested another 10 individuals linked to the financial cell: six Russians, two Ukrainians and two Georgians.
Six premises were searched in the province of Málaga, where IT equipment used for the criminal activities was confiscated.
In addition, investigators seized credit cards used to cash out the money that victims paid via Ukash, Paysafecard and MoneyPak vouchers, as well as around 200 credit cards which were used to withdraw €26 000 in cash prior to the arrests.
The financial cell of the network specialised in laundering the proceeds of their crimes, obtained in the form of electronic money.
For this, the gang employed both virtual systems for money laundering and other traditional systems using various online gaming portals, electronic payment gateways or virtual coins.
They also used compromised credit cards to extract cash from the accounts of ransomware victims via ATMs in Spain.
As a final step, daily international money transfers through currency exchanges and call centres ensured the funds arrived at their final destination in Russia.
Police ransomware is a type of malware that blocks the computer, accuses the victim of having visited illegal websites containing child abuse material or of file sharing, and requests the payment of a fine to unblock it.
By dressing the ransomware cybercrime up to look as if it comes from a law enforcement agency, cybercriminals convince the victim to pay the ‘fine’ of €100 through two types of payment gateways – virtual and anonymous – as a penalty for the alleged offence.
The criminals then go on to steal data and information from the victim’s computer.
Since the virus was detected in May 2011, there have been more than 1200 reported cases just in Spain, and the number of victims could be much higher.
Operation Ransom was led by the Spanish National Police (Technological Investigation Squad of the Central UDEF, part of the General Commissariat of the Judicial Police, with the cooperation of the Provincial Police Station and the GOES from Costa del Sol) and coordinated by Europol and Interpol.
Other crucial partners included Eurojust, the attachés of the Ministry of Interior of the Spanish Embassy in Moscow and the Spanish Embassy in the UAE.
For advice on how to prevent becoming a victim of police ransomware, please read our Tips & advice to prevent police ransomware infecting your computer.
How to Know When You’re Under a Ransomware Attack
Ransomware trojans are among the simplest of PC threats to identify since they will always attempt to prevent you from using your computer normally and will display very obvious ransom-related messages in their attacks.
Some subclassifications of ransomware that our malware experts have noted according to their symptoms include:
- Ransomware trojans that encrypt files. This form of ransomware makes you unable to use popular file types (such as text or media files) and often displays its ransom message when you attempt to launch an encrypted file. Encryption may or may not be removable by third-party tools, and if removable, it doesn’t cause permanent harm to the files in question. However, under no circumstances do our malware researchers recommend paying criminals to acquire a decryption utility or code, since it’s highly likely that the criminals will simply take the ransom without giving anything in return. Ransomware trojans in this category include Trojan.Encoder.94, the QWCiPhErEd Trojan and Trojan.Ransom.HM.
- Ransomware trojans that threaten to encrypt files but refrain from doing so. Since encryption takes some additional coding effort to pull off, some forms of ransomware will simply warn you about fake encryption attacks and then block you from using your files without actually encrypting them. Disabling the ransomware with standard anti-malware tactics will allow you to access the files as usual.
- Ransomware trojans that block other programs. This variant of ransomware will terminate other programs once they’re seen in memory or delete components to make them dysfunctional (such as Registry entries). If this ransomware deletes components, you may need to restore some files from a backup or reinstall the affected programs.
Using the Long Arm of the Law to Slap Ransomware Off of Your PC
Although precise solutions may vary with the type of ransomware that attacks your PC, our malware research team recommends that you always try to disable ransomware before you remove it, ideally with anti-malware software.
Most forms of ransomware will hinder your ability to use security and anti-malware programs in some way, and they may launch themselves with your OS to do so.
In cases where Safe Mode is inadequate or inapplicable for disabling ransomware, you should consider booting your PC from an uninfected source, which can include USB drive devices, DVDs and CDs.
Once you’ve launched your PC without any symptoms of the ransomware being present, anti-malware scans should be adequate for detecting and deleting the ransomware and any other PC threats that may be related to its attacks.
However, encrypted files will remain encrypted, and programs that have been damaged may need to be reinstalled or restored from a backup.