Fake Police Ransomware Scam

Uploaded on 2017-04-27 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Cyber Criminals used JavaScript from another domain to trick users into believing that their devices had been compromised by a police ransomware.

Apple Inc issued a quick iPhone software update to iOS (10.3) recently when its customers reported a series of ransomware attacks targeting Safari browser.

It all started in February 2017 when iPhone users were targeted with a ransomware note accusing them of watching X-rated and pirated content. 

Furthermore, the cyber criminals claimed that it will be impossible to remove the ransomware until a sum of USD 124 (Euro 115) in the form of iTunes gift card is sent to a particular phone number.

The ransomware note was phony since clearing Safari browser’s cache would allow users to access the browser again. 

The crooks were taking advantage of JavaScript in order to trick users into believing that their browser has been compromised due to illegal activities.

The JavaScript in this attack was taken from a website called pay-police.com and was slightly obfuscated using an array of hex values to masque behavior of the code. The pop-up attack on newer versions of iOS appeared to DOS (denial of service) the browser.

The researchers at IT security firm Lookout wrote in their blog post that “the attack doesn’t actually encrypt any data and hold it ransom. Its purpose is to scare the victim into paying to unlock the browser before he realises he doesn’t have to pay the ransom to recover data or access the browser.”

Simply put, the cyber criminals were abusing Safari browsers to scare unsuspecting users into pay money, however, Apple took the treat seriously and issued the update before these elements could further abuse the browser settings.

This is not the first time when Apple’s Safari browser has been used for malicious purposes. Previously, a critical flaw allowed state actors to use Safari browser to hack celebrities, activists and journalists.

It is a fact that Apple devices are the prime target for scammers and cyber criminals. Recently a group of hackers calling themselves Turkish Crime Family threatened to wipe up to 300 million iPhones unless Apple paid a massive amount in ransom.

HackRead

You Might Also Read: 

Ransomware 'customer support' Chat Reveals Criminals' Ruthlessness:

Browser Autofill Can Be Used To Steal Data:

Targeted Ransomware Attacks Are Focusing On Business:

 

 

« Drones, Satellites And Cyber Warfare
US Intelligence Agencies Fear Insiders As Much As Spies »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CQS (Certified Quality Systems)

CQS (Certified Quality Systems)

CQS is an organisation specialising in ISO assessment and certification, including ISO 27001, along with other management system standards.

Verimuchme

Verimuchme

Verimuchme is a digital wallet and exchange platform to secure, verify and re-use personal information.

AppViewX

AppViewX

AppViewX is a global leader in the management, automation and orchestration of network services in data centers.

WizNucleus

WizNucleus

WizNucleus develops, markets and supports a software platform (Cyberwiz-Pro) that enables Critical Infrastructure enterprises to ensure the future state of their cybersecurity and remain compliant.

CyRise

CyRise

CyRise is a venture accelerator focused squarely on early stage cyber security startups.

TCDI

TCDI

TCDI specializes in computer forensics, eDiscovery and cybersecurity services.

Sqreen

Sqreen

Sqreen is a web application security monitoring and protection solution helping companies protect their apps and users from attacks.

Archivo

Archivo

Archivo is a value added reseller focused on Disaster Recovery as a Service (DRaaS), backup, hyper-convergence, hybrid storage and Cyber security.

Fingent

Fingent

Fingent develops strategic software solutions for businesses across the globe in areas including Network Security, Infrastructure Security, Application Security, Risk and Compliance.

Cyemptive Technologies

Cyemptive Technologies

Cyemptive's CyberSlice technology preempts and remove threats before they take hold, in seconds, compared to other’s hours, days, weeks and even months.

Virtue Security

Virtue Security

Virtue Security are specialists in web application penetration testing.

Otorio

Otorio

OTORIO delivers industrial cybersecurity and digital risk-management solutions and services. We help our customers to keep their revenue-generating operations resilient, efficient, and safe.

ProCheckUp

ProCheckUp

ProCheckUp is a London-based independent provider of cyber security services, including IT Security, Assurance, Compliance and Incident Response.

Seemplicity

Seemplicity

Seemplicity revolutionizes the way security teams work by automating, optimizing and scaling all risk reduction workflows in one workspace.

Verizon

Verizon

Verizon is a leader in IT technology solutions - Verizon Cloud, Networking, Security, Mobility, Machine-to-Machine (M2M), Advanced Communications and Professional Services.

Kaesim Cybersecurity

Kaesim Cybersecurity

Kaesim are a global team of cybersecurity experts protecting businesses since 2015. We stop bad people damaging your business, your data and your reputation.