Ransomware goes for Spamhaus

Just a few weeks ago, we saw attacks aimed at the DNS infrastructure of the anti-spam organization Spamhaus. Although these did not have nearly the impact that some sources reported, delivery of legitimate e-mail was delayed and spam filtering was significantly impaired.
The non-profit organization may not be among the most popular internet services with cyber criminals, but it is evidently so well established and recognized in those circles that they have now dedicated a branded version of the BKA Trojan to it.

[Image: spamhaus ransomware lock screen]

“You have lost control over your computer. Your system and all your files have been blocked and encrypted because you were spreading malware (viruses, Trojans, worms). You are breaking numerous International and USA laws”

This, or something very similar, is the unmistakable message. And just like the BKA Trojan and its international counterparts, the victim is threatened with criminal charges that can supposedly be avoided by paying a fine (via MoneyPak this time); once the fine is paid, the victim is promised to regain access to the computer:

“You have a chance to settle this issue right now before we contact the proper authorities. Within 48 hours, you can pay a fine of $300. All your files will be decrypted, access to the computer will be granted, a claim for compensation from affected companies will be removed and your IP address will be restored to good standing with the XBL Block List. If you don’t pay the penalty within the next 48 hours, local authorities and the secret service will be contacted, and most likely it will result in your arrest. You can and will be prosecuted to the fullest extent of the law in order to recover our losses. Do not take a chance on being convicted as a felon.”

If your PC is infected with this ransomware, please follow these measures:

  • Stay calm and do not pay anything!
  • Have a look at our workshops and scan your computer with an updated antivirus program. We recommend a complete scan of the PC.
  • If full disinfection is not possible, consider reverting the system to the last saved configuration with System Restore, or reformatting and reinstalling it from backed-up files.
  • Manual disinfection is a risky process and is recommended only for advanced users. Otherwise, please seek professional technical assistance.

How to avoid such infections?

  • Check whether your operating system is up to date: the CSIS Heimdal security agent can assist you here!
  • Use a professional antivirus solution.
  • If possible, use a second-opinion scanner such as the botfrei.de edition of HitmanPro.
  • We suggest using a “script blocker”: these only allow script code to run after the user has explicitly permitted it. For Firefox, NoScript and FlashBlock are two good examples.
  • Avoid semi-legal or illegal streaming platforms.
  • Accept downloads only from trustworthy sources.
  • Do not open e-mail attachments that you are not expecting or that come from unknown senders.
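Several of the points above (a restore point to fall back on, an up-to-date operating system, a working antivirus with current signatures) can be checked on a Windows PC before anything goes wrong. The script below is an added example written for this page; it is not part of the original post and not a botfrei.de or CSIS tool. It assumes Windows PowerShell 5.1 (Get-ComputerRestorePoint is not available in PowerShell 7), an elevated prompt for the restore-point query, and the Windows Defender module for the antivirus part; on a PC with third-party antivirus, that part reports "unknown" and you should check the vendor's console instead. The script only reads information and changes nothing.

```powershell
# Added example, not from the original post: a read-only readiness check for the
# recovery and prevention advice above. Assumes Windows PowerShell 5.1, an elevated
# prompt (for Get-ComputerRestorePoint) and, optionally, the Windows Defender module.

function Test-RansomwareReadiness {
    $report = [ordered]@{}

    # 1. Recovery: is there a System Restore point to revert to if disinfection fails?
    try {
        $points = @(Get-ComputerRestorePoint -ErrorAction Stop)
        $latest = $points | Sort-Object CreationTime -Descending | Select-Object -First 1
        $report['RestorePointCount']  = $points.Count
        # CreationTime is a WMI timestamp string; the object converts it for us.
        $report['LatestRestorePoint'] = if ($latest) { $latest.ConvertToDateTime($latest.CreationTime) } else { $null }
    } catch {
        $report['RestorePointCount'] = 'unavailable (run elevated; System Restore may be disabled)'
    }

    # 2. Prevention: is the Windows Update service running, and when was the last hotfix installed?
    $wu = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
    $report['WindowsUpdateService'] = if ($wu) { $wu.Status.ToString() } else { 'not found' }
    $lastFix = Get-HotFix |
        Where-Object { $_.InstalledOn } |          # some entries carry no date
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    $report['LastHotfixInstalled'] = if ($lastFix) { $lastFix.InstalledOn } else { $null }
    $report['DaysSinceLastHotfix'] = if ($lastFix) { [int]((Get-Date) - $lastFix.InstalledOn).TotalDays } else { $null }

    # 3. Prevention: antivirus enabled with recent signatures (Windows Defender module only).
    if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        $mp = Get-MpComputerStatus
        $report['AntivirusEnabled']   = $mp.AntivirusEnabled
        $report['RealTimeProtection'] = $mp.RealTimeProtectionEnabled
        $report['SignatureAgeDays']   = [int]((Get-Date) - $mp.AntivirusSignatureLastUpdated).TotalDays
    } else {
        $report['AntivirusEnabled'] = 'unknown (no Defender module; check your third-party AV console)'
    }

    # Simple verdicts a non-expert can act on; thresholds are this example's own choice.
    $report['Verdict_Recovery']   = if ($report['RestorePointCount'] -is [int] -and $report['RestorePointCount'] -gt 0) { 'OK' } else { 'CHECK: no restore point' }
    $report['Verdict_Updates']    = if ($report['DaysSinceLastHotfix'] -is [int] -and $report['DaysSinceLastHotfix'] -le 45) { 'OK' } else { 'CHECK: run Windows Update' }
    $report['Verdict_Antivirus']  = if ($report['AntivirusEnabled'] -eq $true -and $report['SignatureAgeDays'] -le 7) { 'OK' } else { 'CHECK: AV disabled, outdated or unknown' }

    [pscustomobject]$report
}

Test-RansomwareReadiness | Format-List
```

Run it from an elevated Windows PowerShell window; the three "Verdict" lines map directly onto the System Restore, operating-system-update and antivirus points in the lists above, and anything marked "CHECK" is what to fix before, not after, an infection.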