Internet users: do not become a hostage to ransomware

20 Sep 2012

IT security player ESET has warned that Irish computers are becoming infected with ransomware – with users being blackmailed into handing over cash for the return of their computers. In some cases, ransomware has arrived as Gaeilge!

The hackers use poorly translated Irish language in a message that claims the user’s computer has been locked – either by garda or by some government agency – for some alleged illegal activity, such as downloading illegal content or distributing malware, and can only be unlocked if a €100 fine is paid within 72 hours via some convenient online payment service.

“The ransomware ‘as Gaeilge’ in this case is just a variety of several localisations by the cyber-criminals, as the same content also targeted computer users in the UK, Holland, Poland, Spain, France, and Belgium, adapting the language to the locations of the victims,” ESET’s Urban Schrott said.

Schrott said that in one case the scammers even made a mistake and mixed up the Irish .IE and Iranian .IR domains, which resulted in Irish computers displaying Iranian text.

“This is, of course, all fake, as no official institutions would use such methods for fining offenders, but several of these messages are accompanied by the garda logo or an Irish flag, to make them appear legitimate.

“The malware will usually not ‘unlock’ an infected computer even if the victim sends money to the required address, and the computer will remain infected until it is properly cleaned by an expert,” Schrott said.

In cases where users come up against these threats, Schrott said that under no circumstances must users transfer funds to the scammers.

Nor should they attempt to remove the infection using ‘removal’ tools found online, as in many cases these are also infected.

He said users should have a professional clean their computer with legitimate virus removal software if infected.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years
