Users who visited the website found themselves infected with malware called ‘Kovter’; there was no need for the user to click on the advertisements. Malware commonly relies on unsuspecting users clicking hyperlinks or downloading attachments before it can be installed. In this particular case, no interaction was required from the user other than visiting the site. The attack was sophisticated: the hackers targeted very popular websites in order to guarantee maximum spread of the malware.
Why would law enforcement ask for payment to a pre-paid credit card?!
Once the ransomware is installed on the computer, it cuts off communication from the keyboard and the mouse, which prevents the user from doing anything other than powering off the computer. At this point, the ransomware blocks out the screen with a message claiming to be from law enforcement and stating that the user was caught viewing child pornography. The ransomware then demands a payment of USD$300 to a pre-paid Visa or MasterCard using MoneyPak. Unlike most ransomware, this version does not encrypt the hard drive. Apparently, Kovter has also infected Google’s software, but what type and in what capacity is unclear at this point.
At the time this feature was published, Google had not yet responded on this matter. Huffington Post, however, took remediation steps to remove the malware from its site.
Have a great (Malware-free) day!