<<<
NEWS FROM THE LAB - Wednesday, August 14, 2013
>>>
 

 
Browlock Ransomware Targets New Countries Posted by SecResponse @ 15:30 GMT

In the past few weeks we have been following the relatively new "police ransomware" family we call Trojan:HTML/Browlock. This ransomware is very simple, and just uses the browser to display a lock screen demanding the victim to pay a fake fine and plays tricks to prevent closing the browser tab.

Since we first saw it targeting folks in the US, Canada, and UK, we have been expecting it to expand to new countries. As expected, users in other regions are now seeing a localized message from their local law enforcement.

Here are the lock screens for Browlock as seen from different countries:

Browlock in UK

Browlock in AU

Browlock in NL

Browlock in ES

Almost all the ransomware families seem to have great difficulties in finding a translator to create localized lock pages with good quality. Readers that pay close attention (okay, any attention is probably enough) will notice some slight problems with the German localization:

Browlock in DE

For Canadians, the design of the lock screen has stayed roughly the same:

Latest Browlock in CA

We did notice that the fine has dropped from 250 CAD to 150 CAD compared to a previous lock screen below. It seems that in today's economy, even ransomware victims can't be expected to pay up such high prices.

Old Browlock in CA

While the domain names change, all of the lock screens are currently being hosted on a single server in St. Petersburg:

Browlock Server

We detect the lock screen as Trojan:HTML/Browlock.A.

Post by — Antti and Karmina