|Short Description||This works as same as police ransomware scam , this was first detected in 2013. Like ther police ransomware this also shows a fake message which will have the content for tricking the victim to pay the ransom. This also has a component known as winlocker that allows the ransomware even to block the access from the infected computer.|
|Symptoms||The victim will not be able his device anymore, the victim will be left out with very few controls for operating the device.|
|Distribution Method||Spam email .|
One of the fascinating character of this ransomware is that this collects the data from the victim’s browser and then uses those data to scam against the victim, this makes the victim believe the fake warning. Instead of showing fake messages like other ransomware this can craft its message according to the victim’s online history and the browsing habits so that it will be more effective.
The main working of this ransomware is similar to the police ransomware it displays the message that will include the victim’s IP address and the URL that are supposedly claimed as containing the illegal contents. The ransomware scans the victim’s browser for information on pornographic material, if the ransomware is able to match it with the victim’s history it will claim that the illegal content was from that particular site and will craft its message according and will demand the ransom. Which makes this ransomware more efficient compared to others of its kind. There are various instances where this was found every time this ransomware used different method for evasion purposes. Finally when all these details are crafted it block the victim from accessing the device and then demands the victim to pay the ransom accordingly. This also disables the task manager and registry editor. Which makes things worse for the victim.