Fake Police Ransomware Scam

Uploaded on 2017-04-27 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Cyber Criminals used JavaScript from another domain to trick users into believing that their devices had been compromised by a police ransomware.

Apple Inc issued a quick iPhone software update to iOS (10.3) recently when its customers reported a series of ransomware attacks targeting Safari browser.

It all started in February 2017 when iPhone users were targeted with a ransomware note accusing them of watching X-rated and pirated content. 

Furthermore, the cyber criminals claimed that it will be impossible to remove the ransomware until a sum of USD 124 (Euro 115) in the form of iTunes gift card is sent to a particular phone number.

The ransomware note was phony since clearing Safari browser’s cache would allow users to access the browser again. 

The crooks were taking advantage of JavaScript in order to trick users into believing that their browser has been compromised due to illegal activities.

The JavaScript in this attack was taken from a website called pay-police.com and was slightly obfuscated using an array of hex values to masque behavior of the code. The pop-up attack on newer versions of iOS appeared to DOS (denial of service) the browser.

The researchers at IT security firm Lookout wrote in their blog post that “the attack doesn’t actually encrypt any data and hold it ransom. Its purpose is to scare the victim into paying to unlock the browser before he realises he doesn’t have to pay the ransom to recover data or access the browser.”

Simply put, the cyber criminals were abusing Safari browsers to scare unsuspecting users into pay money, however, Apple took the treat seriously and issued the update before these elements could further abuse the browser settings.

This is not the first time when Apple’s Safari browser has been used for malicious purposes. Previously, a critical flaw allowed state actors to use Safari browser to hack celebrities, activists and journalists.

It is a fact that Apple devices are the prime target for scammers and cyber criminals. Recently a group of hackers calling themselves Turkish Crime Family threatened to wipe up to 300 million iPhones unless Apple paid a massive amount in ransom.

HackRead

You Might Also Read: 

Ransomware 'customer support' Chat Reveals Criminals' Ruthlessness:

Browser Autofill Can Be Used To Steal Data:

Targeted Ransomware Attacks Are Focusing On Business:

 

 

« Drones, Satellites And Cyber Warfare
US Intelligence Agencies Fear Insiders As Much As Spies »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CyberSource

CyberSource

CyberSource provides online payment and fraud management services for medium and large-sized merchants.

ATSEC Information Security

ATSEC Information Security

ATSEC is an independent, privately-owned company that focuses on providing laboratory and consulting services for information security.

Granite Partners

Granite Partners

Granite is a cloud service for the development of business risk management, cyber security and privacy and occupational safety and health.

Graphus

Graphus

Graphus provides a simple, powerful, automated solution that eliminates 99% of social engineering and spear phishing attacks against G Suite business Gmail users.

Pindrop Security

Pindrop Security

Pindrop solutions are leading the way to the future of voice by establishing the standard for security, identity, and trust for every voice interaction.

Silensec

Silensec

Silensec is a management consulting, technology services and training company specialized in information security.

CICRA

CICRA

CICRA is Sri Lanka's pioneering cyber security training and consultancy provider.

Africa ICS Cyber Security Conference

Africa ICS Cyber Security Conference

Africa's largest ICS Cyber Security Conference and Expo. The only platform that will proudly present top level B2B and B2C networking opportunities.

Cylera

Cylera

Cylera is a Healthcare IoT cybersecurity and intelligence company built in close partnership with healthcare providers.

ANSEC IA

ANSEC IA

ANSEC is a consultancy practice providing independent Information Assurance and IT Security focussed services to customers throughout the UK, Ireland and internationally.

ThreatNG Security

ThreatNG Security

ThreatNG is redefining external attack surface management (EASM) and digital risk protection with a platform of unmatched breadth, depth, and capabilities in thwarting technical and business threats.

Casepoint

Casepoint

Casepoint is the legal technology platform of choice for corporations, government agencies, and law firms to meet their complex eDiscovery, investigations, and compliance needs.

Yarix

Yarix

Yarix is the leading company in Var Group’s Digital Security division and one of the most recognised, innovative and authoritative Italian companies in the IT security sector.

SIGLA Group

SIGLA Group

SIGLA Group specialize in the design and development of IT and OT solutions, from analysis to design, from implementation to commissioning, as well as consultancy, training and assistance.

BUI

BUI

BUI is a global technology consultancy and Cloud Solution Provider specialising in cloud, security, and networking solutions for mid-market and enterprise-level business across the world.

Element

Element

Element is a new type of communications platform. It combines consumer messaging apps, collaboration tools and video conferencing to replace email, address shadow IT and improve security.